September 29, 2023

SonicWall addressed multiple critical vulnerabilities in its Global Management System (GMS) firewall management and Analytics network management and reporting engine.

The company fixed 15 vulnerabilities that were disclosed in a Coordinated Vulnerability Disclosure report in conjunction with NCCGroup. Four of these vulnerabilities are rated as critical. They can be exploited by an attacker to bypass authentication and potentially expose sensitive information to an unauthorized actor.

The four critical-severity bugs addressed tracked as CVE-2023-34124, CVE-2023-34133, CVE-2023-34134, CVE-2023-34137 with a CVSS score ranging from 9.4-9.8 could be exploited to bypass authentication, potentially leading to the exposure of sensitive information.

Advertisements

Two of the flaws, tracked as CVE-2023-34133 and CVE-2023-34134 with a CVSS score of 9.8 are described as unauthenticated SQL injection and password hash exposure issues, respectively.

The remaining two, CVE-2023-34124 and CVE-2023-34137 (CVSS score of 9.4), are described as a web service authentication bypass and a CAS authentication bypass, respectively.

The remaining four are high-severity vulnerabilities, while the other seven have a severity rating of ‘medium’.

Sonicwall also notes that it is not aware of any of these vulnerabilities being exploited in the wild, nor of proof-of-concept (PoC) exploits being made public

Tags:

Leave a Reply

You may have missed

Google fixes fifth Zeroday bug in Chrome

September 28, 2023

OpenSea NFT suffers a Breach

September 28, 2023

WordPress Simple Membership Plugin Vulnerabilities

September 28, 2023

Jetbrains TeamCity RCE Vulnerability

September 27, 2023

Heap Buffer Overflow Bug in libwebp Library -CVE-2023-5129

September 27, 2023 2

Symantec Collaborates with Google Cloud Security AI

September 27, 2023 2
%d bloggers like this: