
Warning: 4 critical vulnerabilities in SonicWall GMS and Analytics software

Reference: 
Advisory #2023-81
Version: 
1.0
Affected software: 
GMS - Virtual Appliance 9.3.2-SP1 and earlier versions
GMS - Windows 9.3.2-SP1 and earlier versions
Analytics - 2.5.0.4-R7 and earlier versions
Type: 
Multiple vulnerabilities ranging from Sensitive Information Leak to Authentication Bypass and SQL Injection
CVE/CVSS: 

Number of CVEs per severity:

  • Critical: 4
  • High: 4
  • Medium: 7

Sources

https://www.sonicwall.com/support/notices/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/

Risks

SonicWall published a security notice and remediated 15 vulnerabilities, 4 of which are critical and can be exploited remotely without any user interaction. Almost all of them have a high impact on the confidentiality, integrity, and availability of the applications.

SonicWall GMS and Analytics are software packages used for managing, deploying and reporting on other SonicWall products. Exploitation of management and deployment software can have a significant impact on the security and stability of the entire software ecosystem they manage.

Exploitation by threat actors has occurred in the past for these types of software. It is therefore advised to patch these vulnerabilities, even if signs of exploitation or a proof-of-concept are not detected at the time of writing.

Description

Below is a summary of the four critical vulnerabilities.

CVE-2023-34133 - Multiple Unauthenticated SQL Injection Issues & Security Filter Bypass

CVSS 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

The vulnerability allows an unauthenticated attacker to extract sensitive information from the application database.

CVE-2023-34134 - Password Hash Read via Web Service

CVSS 9.8 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVE-2023-34134 allows an authenticated attacker to read the administrator password hash via a web service call. Initial authentication is required for this vulnerability to be exploited, but combined with the authentication bypass vulnerabilities, it might be easy for an attacker to exploit the flaw.

CVE-2023-34124 - Web Service Authentication Bypass

CVSS 9.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H)

The vulnerability allows an authentication bypass due to insufficient checks in the authentication mechanism of SonicWall GMS and Analytics Web Services.

CVE-2023-34137 - CAS Authentication Bypass

CVSS 9.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H)

CVE-2023-34137 is an authentication bypass vulnerability caused by the use of static values for authentication without proper checks in SonicWall GMS and Analytics CAS Web Services.

Recommended actions

The Centre for Cybersecurity Belgium strongly recommends that system administrators patch the affected systems after thorough testing and follow the vendor's instructions.

SonicWall patching information: https://www.sonicwall.com/support/notices/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/

References

https://nvd.nist.gov/vuln/detail/CVE-2023-34137
https://nvd.nist.gov/vuln/detail/CVE-2023-34124
https://nvd.nist.gov/vuln/detail/CVE-2023-34134
https://nvd.nist.gov/vuln/detail/CVE-2023-34133