SonicWall Warns Admins to Patch Critical Auth Bypass Bugs Immediately

Cyber Security Threat Summary:
On Wednesday, SonicWall disclosed several critical vulnerabilities affecting its Global Management System (GMS) firewall management suite and its Analytics network reporting engine. In total, 15 vulnerabilities were addressed: four rated critical, four rated high, and seven rated medium in severity. The critical vulnerabilities are:

  • CVE-2023-34124: Web Service Authentication Bypass
  • CVE-2023-34133: Multiple Unauthenticated SQL Injection Issues & Security Filter Bypass
  • CVE-2023-34134: Password Hash Read via Web Service
  • CVE-2023-34137: CAS Authentication Bypass

Successful exploitation of these flaws could enable threat actors to bypass authentication and gain access to sensitive data.

“Such data may include information belonging to other users or any data within the compromised application's reach. Following compromise, attackers can manipulate or delete this data, resulting in ‘persistent changes’ to the hacked application's content or functionality” (Bleeping Computer, 2023).

Note: The vulnerabilities can be exploited in low-complexity attacks as they don’t require user interaction.

Security Officer Comments:
SonicWall stated it has no evidence of proof-of-concept exploit code or active exploitation of the flaws addressed. However, the impacted appliances have a history of being targeted in ransomware (e.g. HelloKitty, FiveHands) and cyber-espionage attacks. For example, in March, SonicWall, alongside Mandiant, reported that suspected Chinese hackers had installed custom malware on unpatched SonicWall Secure Mobile Access (SMA) appliances to gain long-term persistence for cyber-espionage campaigns.

Suggested Correction(s):
The flaws impact GMS versions 9.3.2-SP1 and earlier and Analytics versions 2.5.0.4-R7 and earlier. They have since been patched in GMS 9.3.3 and Analytics 2.5.2. Administrators should apply the updates as soon as possible to prevent potential attacks.
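An added triage helper (not from SonicWall or the advisory) that checks an inventory of GMS and Analytics appliances against the fixed versions named above. It assumes that every build below the fixed release is affected, that an "-SPn" or "-Rn" suffix sorts after the plain base release, and that the sample inventory below is constructed.

```python
import re

# Fixed versions as stated in the advisory summary on this page.
FIXED_VERSIONS = {
    "GMS": "9.3.3",
    "Analytics": "2.5.2",
}

# Matches SonicWall-style versions such as "9.3.2-SP1" or "2.5.0.4-R7".
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(?:SP|R)(\d+))?$", re.IGNORECASE)


def version_key(version: str) -> tuple:
    """Convert a version string into a sortable key:
    (numeric components padded to four places, hotfix number).
    Assumption: an SP/R suffix sorts after the plain base release."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (4 - len(parts))  # pad so that 9.3.3 == 9.3.3.0
    hotfix = int(m.group(2)) if m.group(2) else 0
    return (tuple(parts), hotfix)


def is_affected(product: str, version: str) -> bool:
    """True if the installed build is older than the fixed release.
    Assumption: every build below the fix is affected, matching the
    advisory's "X and earlier" wording."""
    return version_key(version) < version_key(FIXED_VERSIONS[product])


def triage(inventory: list) -> list:
    """Return (hostname, action) for each (hostname, product, version)."""
    findings = []
    for host, product, version in inventory:
        if is_affected(product, version):
            findings.append((host, f"PATCH {product} {version} -> {FIXED_VERSIONS[product]}"))
        else:
            findings.append((host, f"OK {product} {version}"))
    return findings


# Constructed sample inventory; hostnames are made up.
SAMPLE_INVENTORY = [
    ("gms-01", "GMS", "9.3.2-SP1"),
    ("gms-02", "GMS", "9.3.3"),
    ("analytics-01", "Analytics", "2.5.0.4-R7"),
    ("analytics-02", "Analytics", "2.5.2"),
]

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY):
        print(host, action)
```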

Link(s):
https://www.bleepingcomputer.com/