Published: July 14, 2023
Overview
SonicWall, a network security company, has recently disclosed several vulnerabilities in their Global Management System (GMS) and Analytics products. The vulnerabilities range from critical to moderate severity and are identified by the following CVE numbers: CVE-2023-34123 through CVE-2023-34137. These include four (4) critical and four (4) high severity vulnerabilities. The vulnerabilities allow attackers to bypass authentication and gain unauthorized access to the system. SonicWall has released patches to address these vulnerabilities and recommends that users upgrade to GMS 9.3.3 and Analytics 2.5.2 to mitigate the risks. It is highly recommended that users apply these patches as soon as possible to prevent unauthorized access to their systems.
Impact
- CVE-2023-34124: This vulnerability allows for a Cross-Site Scripting (XSS) attack that attackers use to inject malicious scripts into web pages viewed by other users. This vulnerability allows attackers to steal sensitive information, such as login credentials, from unsuspecting users.
- CVE-2023-34133: This vulnerability is an Improper Authorization flaw allowing attackers to bypass access controls and gain unauthorized access to sensitive information or functionality. The vulnerability grants attackers access to perform actions that they are not authorized to perform, such as modifying or deleting data.
- CVE-2023-34134: An Improper Session Management flaw that allows attackers to hijack user sessions and gain unauthorized access to sensitive information or functionality. The impact: Attackers may perform actions on behalf of legitimate users, such as modifying or deleting data.
- CVE-2023-34137: An Authentication Bypass flaw that allows attackers to bypass authentication and gain unauthorized access to the system. The impact: Attackers may perform actions that they are not authorized to perform, such as modifying or deleting data.
The impact of these critical vulnerabilities is severe as they can allow attackers to gain unauthorized access to sensitive information or functionality, perform actions that they are not authorized to perform, and steal sensitive information from unsuspecting users. It is highly recommended that users upgrade to GMS 9.3.3 and Analytics 2.5.2 to mitigate the risks[5].
Applicable Versions
Products and versions impacted by the SonicWall vulnerabilities are as follows:
- On-premise versions of GMS 9.3.2-SP1 and earlier are impacted by the vulnerabilities.
- Analytics 2.5.0.4-R7 and earlier versions are impacted by the vulnerabilities.
Versions that have the fix for the vulnerabilities are as follows:
- SonicWall has released patches to address the vulnerabilities and recommends that users upgrade to GMS 9.3.3 and Analytics 2.5.2 to mitigate the risks.
Mitigations and Workaround
There are no workarounds for these vulnerabilities. Apply patches and updates. SonicWall has released patches to address the vulnerabilities. It is crucial to upgrade to GMS 9.3.3 and Analytics 2.5.2, as these versions contain the necessary fixes.
Best Practices
Mitigations for the critical vulnerabilities in SonicWall GMS and Analytics products can include the following:
- Apply Patches and Updates: SonicWall has released patches to address the vulnerabilities. It is crucial to upgrade to GMS 9.3.3 and Analytics 2.5.2, as these versions contain the necessary fixes.
- Use Strong Authentication Mechanisms: Implement strong authentication mechanisms, such as multi-factor authentication (MFA), to enhance the security of user accounts and prevent unauthorized access.
- Regularly Update and Patch Software: Keep all software and applications up to date with the latest patches and updates. This includes not only the SonicWall products but also the underlying operating systems and other software components.
- Conduct Security Audits and Penetration Testing: Regularly perform security audits and penetration testing to identify vulnerabilities and weaknesses in the system. This can help proactively address any potential security issues before they are exploited.
- Stay Informed: Stay updated with the latest security advisories and alerts from SonicWall and other trusted sources. This will ensure that you are aware of any new vulnerabilities and can take appropriate actions to mitigate the risks[3].
Netsurion Detection and Response
Netsurion researchers are continuously monitoring the exploits of this vulnerability. Our security analysts will be adding the IOCs (Indicators of Compromise – the hashes of malicious files and the IP addresses) to Netsurion’s Threat Center, our Threat Intelligence Platform. This will help detect malicious files and suspicious Command and Control communications to malicious IP addresses to detect the exploitation of this vulnerability. Netsurion’s vulnerability management system will also detect these SonicWall vulnerabilities for customers who have subscribed to Netsurion Vulnerability Management.
References:
- https://www.obrela.com/sonicwall-gms-and-analytics/
- https://www.secureblink.com/cyber-security-news/sonic-wall-addresses-sq-li-vulnerability-in-analytics-and-gms-products
- https://thehackernews.com/2023/07/new-vulnerabilities-disclosed-in.html?m=1
- https://www.cvedetails.com/vulnerability-list/vendor_id-628/Sonicwall.html
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010
- https://www.bleepingcomputer.com/news/security/sonicwall-warns-admins-to-patch-critical-auth-bypass-bugs-immediately/
- https://pfete.com/index.php/2023/07/13/new-vulnerabilities-disclosed-in-sonicwall-and-fortinet-network-security-products