Advisory

SonicWall alerts to critical auth bypass vulnerability, urges immediate patching

Take action: when the product vendor itself issues an urgent plea to administrators to apply a patch, treat it as serious. Patch as soon as possible: unauthenticated, low-complexity authentication bypasses in an internet-reachable management console are routinely picked up by attackers once an advisory is public, so assume exploitation attempts will follow disclosure.


Learn More

SonicWall has issued a warning to its customers, urging them to immediately patch critical vulnerabilities in its Global Management System (GMS) firewall management and Analytics network reporting engine software suites.

The company has released a patch addressing a total of 15 security flaws.

Affected products are on-premises deployments of GMS 9.3.2-SP1 and earlier and Analytics 2.5.0.4-R7 and earlier.

The critical vulnerabilities that are fixed include:

    CVE-2023-34124: Web Service Authentication Bypass
    CVE-2023-34133: Multiple Unauthenticated SQL Injection Issues & Security Filter Bypass
    CVE-2023-34134: Password Hash Read via Web Service
    CVE-2023-34137: CAS Authentication Bypass

The company advised organizations to upgrade to the respective patched versions, GMS 9.3.3 and Analytics 2.5.2, without delay.
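The version strings in this advisory mix dotted releases with service-pack (SP) and release (R) suffixes, so a naive string comparison gets them wrong (for example, "9.3.2-SP1" versus "9.3.3", or "2.5.0.4-R7" versus "2.5.2"). The following is an added example, not code from SonicWall or from the original article, showing how to parse those strings and triage an inventory against the fixed versions named above. The hostnames and the inventory records are constructed for illustration. It takes the conservative position that anything below the fixed release (GMS 9.3.3, Analytics 2.5.2) still needs the upgrade, which is slightly broader than the affected range the advisory states.

```python
import re

# Fixed releases named in the advisory: upgrade targets per product.
FIXED_VERSIONS = {"GMS": "9.3.3", "Analytics": "2.5.2"}

# Dotted base version, optionally followed by -SP<n> (service pack) or -R<n> (release).
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(?:SP|R)(\d+))?$", re.IGNORECASE)


def parse_version(version):
    """Turn '9.3.2-SP1' or '2.5.0.4-R7' into a tuple that compares correctly.

    The dotted base is padded to four components so '9.3.3' and '9.3.2.0'
    line up; the optional SP/R number becomes the fifth component, with 0
    meaning 'no suffix', so '9.3.2' sorts below '9.3.2-SP1' but above nothing
    else in its release line.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognized version string: {version!r}")
    base = [int(part) for part in m.group(1).split(".")]
    if len(base) > 4:
        raise ValueError(f"too many version components: {version!r}")
    base += [0] * (4 - len(base))
    suffix = int(m.group(2)) if m.group(2) else 0
    return tuple(base) + (suffix,)


def needs_patch(product, version):
    """True if an on-prem install is below the fixed release for its product."""
    if product not in FIXED_VERSIONS:
        raise KeyError(f"no fixed version known for product {product!r}")
    return parse_version(version) < parse_version(FIXED_VERSIONS[product])


def triage(inventory):
    """Return the (host, product, version) records that still need the upgrade."""
    return [rec for rec in inventory if needs_patch(rec[1], rec[2])]


# Constructed sample inventory; hostnames are invented for this example.
SAMPLE_INVENTORY = [
    ("gms-01.corp.example", "GMS", "9.3.2-SP1"),
    ("gms-02.corp.example", "GMS", "9.3.3"),
    ("gms-03.corp.example", "GMS", "9.3.2"),
    ("ana-01.corp.example", "Analytics", "2.5.0.4-R7"),
    ("ana-02.corp.example", "Analytics", "2.5.2"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is below {FIXED_VERSIONS[product]}, upgrade required")
```

Feed it whatever your asset inventory exports for the GMS and Analytics hosts; any record it flags is a management console that an unauthenticated remote attacker can target until it is moved to the fixed release.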

The patched vulnerabilities can be exploited remotely by unauthenticated threat actors in low-complexity attacks, leading to unauthorized access to data and potential manipulation or deletion of compromised application content or functionality.

SonicWall reported no knowledge of public reports or active exploitation of these vulnerabilities prior to disclosure and patching.

SonicWall's products are widely used by over 500,000 business customers across 215 countries and territories, including government agencies and large corporations globally.
