Critical Vulnerabilities in SonicWall Products
14 July 2023
SonicWall has released security updates to address critical vulnerabilities (CVE-2023-34124, CVE-2023-34133, CVE-2023-34134, CVE-2023-34137) in its SonicWall Global Management System (GMS) and Analytics products.
The vulnerabilities are:
CVE-2023-34133: Multiple Unauthenticated SQL Injection Issues & Security Filter Bypass (CVSS 9.8)
CVE-2023-34134: Password Hash Read via Web Service (CVSS 9.8)
CVE-2023-34137: CAS Authentication Bypass (CVSS 9.4)
CVE-2023-34124: Web Service Authentication Bypass (CVSS 9.4)
Successful exploitation of these vulnerabilities could allow a remote attacker to gain unauthorised access to data that would typically be inaccessible.
The vulnerabilities affect GMS version 9.3.2-SP1 and earlier, and Analytics version 2.5.0.4-R7 and earlier.
Users and administrators of the affected product versions are advised to upgrade to the latest versions immediately.
More information is available here:
https://www.sonicwall.com/support/knowledge-base/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/
https://www.bleepingcomputer.com/news/security/sonicwall-warns-admins-to-patch-critical-auth-bypass-bugs-immediately/