SonicWall Patches Multiple Critical Security Flaws in Firewall Management Systems
SonicWall Issues Urgent Call

Overt Operator
July 12, 2023

American cybersecurity firm SonicWall has issued an urgent call to its customers to patch multiple critical vulnerabilities impacting the company's Global Management System (GMS) firewall management and Analytics network reporting engine software suites. SonicWall addressed a total of 15 security flaws, some of which could allow threat actors to bypass authentication and gain access to vulnerable systems.
The vulnerabilities, which were responsibly disclosed, include four rated critical under the Common Vulnerability Scoring System (CVSSv3). "These vulnerabilities allow an attacker to bypass authentication and could potentially result in exposure of sensitive information to an unauthorized actor," SonicWall warned. The company's Product Security Incident Response Team (PSIRT) strongly advised organizations using the affected GMS/Analytics On-Prem versions to upgrade to the patched versions immediately.
The list of critical vulnerabilities that need immediate patching by upgrading to GMS 9.3.3 and Analytics 2.5.2 includes:
CVE-2023-34124: Web Service Authentication Bypass
CVE-2023-34133: Multiple Unauthenticated SQL Injection Issues & Security Filter Bypass
CVE-2023-34134: Password Hash Read via Web Service
CVE-2023-34137: CAS Authentication Bypass
These vulnerabilities can be exploited remotely by unauthenticated threat actors in low-complexity attacks that don't require user interaction.
According to a security advisory published on Wednesday, successful exploitation could give an attacker access to data that would typically be inaccessible. This data may include other users' information or any data within the compromised application's reach. After compromising the application, attackers can manipulate or delete this data, leading to "persistent changes" to the application's content or functionality.
SonicWall PSIRT reports no public proof of concept (PoC) exploit code or active exploitation of these vulnerabilities occurring in the wild prior to their disclosure and patching.
SonicWall's appliances have previously been targeted in ransomware (e.g., HelloKitty, FiveHands) and cyber-espionage attacks. In March, SonicWall PSIRT and cybersecurity firm Mandiant revealed that suspected Chinese hackers had installed custom malware on unpatched SonicWall Secure Mobile Access (SMA) appliances to gain long-term persistence for cyber-espionage campaigns.
With more than 500,000 business customers spread across 215 countries and territories, including government agencies and some of the world's largest companies, SonicWall's announcement underscores the critical need for continuous security updates.