In today’s SensCy Cyber Alert, your SensCy team recommends SonicWall Firewall users install the new security update immediately.
The new updates fixes 15 security flaws, with four rated Critical, four rated High, and seven rated Moderate. The flaws impact the Global Management System (GMS) on-premise versions 9.3.2-SP1 and before and Analytics 220.127.116.11-R7. All fixes are available in versions GMS 9.3.3 and Analytics 2.5.2.
SonicWall explained that “”the suite of vulnerabilities allows an attacker to view data that they are not normally able to retrieve,”
Here are the four Critical Flaws:
CVE-2023-34124; a Web Service Authentication Bypass
CVE-2023-34133; a Multiple Unauthenticated SQL Injection Issues & Security Filter Bypass
CVE-2023-34134; Password Hash Read via Web Service
CVE-2023-34137; Cloud App Security (CAS) Authentication Bypass
SonicWall vulnerabilities are known to be very lucrative attack vectors for threat actors. We highly recommend applying those patches as soon as possible to mitigate any potential risks.
If you have any questions, please contact your Cyber Advocate.