Four Critical SonicWall Vulnerabilities Patched

Share :

On July 12th, 2023, SonicWall published a security advisory detailing fifteen security vulnerabilities in Global Management Suite (GMS) and Analytics. Among these vulnerabilities, Arctic Wolf has highlighted four in this bulletin which received a Common Vulnerability Scoring System (CVSS) rating of critical. The following vulnerabilities can allow an unauthenticated threat actor to view, modify, or delete data that the application is able to access:

Vulnerability Score Type
CVE-2023-34124 9.4 (Critical) Web Service Authentication Bypass
CVE-2023-34133 9.8 (Critical) Multiple Unauthenticated SQL Injection Issues & Security Filter Bypass
CVE-2023-34134 9.8 (Critical) Password Hash Read via Web Service
CVE-2023-34137 9.4 (Critical) Central Authentication Service (CAS) Authentication Bypass


Additionally, these vulnerabilities can be exploited remotely, do not require user interaction, and are low-complexity. Although Arctic Wolf Labs has not observed a public Proof of Concept (PoC) exploit published or any active exploitation, threat actors are likely to develop exploits for these vulnerabilities due to the prevalence of these products and the level of access on a network a threat actor can achieve once compromised.

Product Vulnerable Version
Global Management Suite Virtual Appliance 9.3.2-SP1 and before
Global Management Suite Windows 9.3.2-SP1 and before
Analytics and before


Apply the Latest Security Patches Released by SonicWall

Arctic Wolf strongly recommends updating to the following versions outlined in the table below to remediate the newly disclosed vulnerabilities.

Note: Arctic Wolf recommends following change management best practices for deploying security patches, including testing changes in a dev environment before deploying to production to avoid operational impact.

Product Vulnerable Version Patched Version
Global Management Suite Virtual Appliance 9.3.2-SP1 and before 9.3-9330 and higher versions
Global Management Suite Windows 9.3.2-SP1 and before 9.3-9330 and higher versions
Analytics and before 2.5.2-R9 and higher versions


Andres Ramos

Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security and holds a bachelor’s degree in Cybersecurity Engineering.
Share :
Table of Contents
Subscribe to our Monthly Newsletter