Warning: 4 critical vulnerabilities in SonicWall GMS and Analytics software
Number of CVEs per severity:
- Critical: 4
- High: 4
- Medium: 7
Sources
Risks
SonicWall published a security notice and remediated 15 vulnerabilities of which 4 are critical that can be exploited remotely without any user interaction. Almost all of them have a high impact on the confidentiality, integrity, and availability of the applications.
SonicWall GMS and Analytics are software packages used for managing, deploying and reporting on other SonicWall products. Exploitation of management and deployment software can have a significant impact on the security and stability of the entire software ecosystem they manage.
Exploitation by threat actors has occurred in the past for these types of software. It is therefore advised to patch these vulnerabilities, even if signs of exploitation or a proof-of-concept are not detected at the time of writing.
Description
Below is a summary of the four critical vulnerabilities.
CVE-2023-34133 - Multiple Unauthenticated SQL Injection Issues & Security Filter Bypass
CVSS 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
The vulnerability allows an unauthenticated attacker to extract sensitive information from the application database.
CVE-2023-34134 - Password Hash Read via Web Service
CVSS 9.8 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVE-2023-34134 allows an authenticated attacker to read the administrator password hash via a web service call. Initial authentication is required for this vulnerability to be exploited, but combined with the authentication bypass vulnerabilities, it might be easy for an attacker to exploit the flaw.
CVE-2023-34124 - Web Service Authentication Bypass
CVSS 9.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H)
The vulnerability allows an authentication bypass due to insufficient checks in the authentication mechanism of SonicWall GMS and Analytics Web Services.
CVE-2023-34137 - CAS Authentication Bypass
CVSS 9.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H)
CVE-2023-34137 is an authentication bypass vulnerability that is caused by the use of static values for authentication without proper checks in SonicWall GMS and Analytics CAS Web Services.
Recommended Actions
The Centre for Cybersecurity Belgium strongly recommends system administrators to patch the affected systems after thorough testing and follow the vendor's instructions.
SonicWall patching information: https://www.sonicwall.com/support/notices/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/
References
https://nvd.nist.gov/vuln/detail/CVE-2023-34137
https://nvd.nist.gov/vuln/detail/CVE-2023-34124
https://nvd.nist.gov/vuln/detail/CVE-2023-34134
https://nvd.nist.gov/vuln/detail/CVE-2023-34133