SonicWall has released patches to fix 15 vulnerabilities in its Global Management System (GMS) firewall management and Analytics solutions, including 4 critical and 4 high-severity flaws. The critical flaws could be exploited by a malicious actor to bypass authentication, which would permit access to any information the application is permitted to access, including sensitive data belonging to other users. An attacker could modify, delete, or steal the data, thus affecting the application’s content or behavior.
SonicWall said it is unaware of any instances where the vulnerabilities have been exploited and no reports of proof-of-concept (PoC) exploits have been made public; however, immediate patching is strongly recommended. SonicWall says there are no workarounds available to address the flaws. Updating to the patched version is the only way to address the vulnerabilities.
Vulnerabilities in SonicWall solutions have been actively targeted by malicious actors in the past, including ransomware groups and APT actors for long-term persistent access for cyber-espionage purposes. SonicWall PSIRT strongly recommends organizations using the vulnerable GMS/Analytics On-Prem versions to upgrade immediately.
The vulnerabilities affect SonicWall GMS 9.3.2-SP1 and earlier versions and Analytics 220.127.116.11-R7 and earlier versions. All 15 vulnerabilities have now been fixed, and users should ensure they are running the following patched versions:
- GMS – Virtual Appliance 9.3.9330 or higher
- GMS – Windows 9.3.9330 or higher
- Analytics-Analytics 2.5.2-R9 or higher
The critical and high-severity flaws are detailed below.
|CVE-2023-34133||Multiple Unauthenticated SQL Injection Issues & Security Filter Bypass||9.8 (Critical)|
|CVE-2023-34134||Password Hash Read via Web Service||9.8 (Critical)|
|CVE-2023-34124||Web Service Authentication Bypass||9.4 (Critical)|
|CVE-2023-34137||CAS Authentication Bypass||9.4 (Critical)|
|CVE-2023-34127||Post-Authenticated Command Injection||8.8 (High)|
|CVE-2023-34123||Predictable Password Reset Key||7.5 (High)|
|CVE-2023-34126||Post-Authenticated Arbitrary File Upload||7.1 (High)|
|CVE-2023-34129||Post-Authenticated Arbitrary File Write via Web Service (Zip Slip)||7.1 (High)|