SonicWall has issued an urgent warning to its customers, urging them to promptly patch several critical vulnerabilities that are affecting the company’s Global Management System (GMS) firewall management and Analytics network reporting engine software suites.
SonicWall Urges Immediate Patching for GMS/Analytics
SonicWall disclosed a series of vulnerabilities, including four high-risk ones, which could allow attackers to bypass authentication and expose sensitive information to unauthorized parties. To mitigate the associated risks, apply the available patches and update the affected software promptly.
Admins are strongly advised to immediately address the following critical vulnerabilities by upgrading to GMS 9.3.3 and Analytics 2.5.2:
- CVE-2023-34124: Web Service Authentication Bypass
- CVE-2023-34133: Multiple Unauthenticated SQL Injection Issues & Security Filter Bypass
- CVE-2023-34134: Password Hash Read via Web Service
- CVE-2023-34137: CAS Authentication Bypass
It is crucial to take prompt action to patch these vulnerabilities and ensure the security of the systems.
These vulnerabilities can be exploited remotely by unauthenticated threat actors without requiring any user interaction. Considering the significant risks involved, it is imperative for organizations to upgrade to the patched versions, GMS 9.3.3 and Analytics 2.5.2, in order to effectively mitigate these vulnerabilities and ensure the security of their systems.
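To turn the advisory into an actionable check, the following added example (not SonicWall's code) triages a constructed GMS/Analytics inventory against the fixed releases named above; it assumes dotted-integer version strings with an optional suffix, and, since the page gives no lower bound on affected versions, it conservatively flags every build below the fixed release.

```python
import re
from typing import Dict, List, Tuple

# Fixed releases stated in the advisory: GMS 9.3.3 and Analytics 2.5.2.
FIXED_VERSIONS = {"GMS": (9, 3, 3), "Analytics": (2, 5, 2)}

# The four high-risk issues addressed by those releases.
ADVISORY_CVES = [
    "CVE-2023-34124",  # Web Service Authentication Bypass
    "CVE-2023-34133",  # Unauthenticated SQL Injection & Security Filter Bypass
    "CVE-2023-34134",  # Password Hash Read via Web Service
    "CVE-2023-34137",  # CAS Authentication Bypass
]

def parse_version(version: str) -> Tuple[int, ...]:
    """Return the leading dotted-integer part of a version string as a tuple."""
    # Assumption: builds look like "9.3.2" or "9.3.2-hotfix1"; any suffix is ignored.
    match = re.match(r"(\d+(?:\.\d+)*)", version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in match.group(1).split("."))

def is_vulnerable(product: str, version: str) -> bool:
    """True when the installed build predates the fixed release for that product."""
    if product not in FIXED_VERSIONS:
        raise KeyError(f"product not covered by this advisory: {product!r}")
    # Conservative: the page gives no lower bound, so anything below the fix needs the upgrade.
    return parse_version(version) < FIXED_VERSIONS[product]

def triage(inventory: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Map each host on an unpatched GMS/Analytics build to the CVEs it is exposed to."""
    exposed: Dict[str, List[str]] = {}
    for host, product, version in inventory:
        if is_vulnerable(product, version):
            exposed[host] = list(ADVISORY_CVES)
    return exposed

# Constructed sample inventory (host, product, version); not real assets.
SAMPLE_INVENTORY = [
    ("gms-01", "GMS", "9.3.2"),
    ("gms-02", "GMS", "9.3.3"),
    ("analytics-01", "Analytics", "2.5.1-hotfix2"),
    ("analytics-02", "Analytics", "2.5.2"),
]

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: unpatched, exposed to {', '.join(cves)}")
```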
SonicWall PSIRT has confirmed that, prior to the disclosure and patching of these bugs, there were no public reports of proof-of-concept (PoC) exploit code or of active exploitation of these vulnerabilities in the wild.
SonicWall underscores the significance of following security best practices and maintaining up-to-date software as a proactive defense against ever-evolving threats.