On July 12th, 2023, SonicWall published a security advisory detailing fifteen security vulnerabilities in Global Management Suite (GMS) and Analytics. Among these vulnerabilities, Arctic Wolf has highlighted four in this bulletin which received a Common Vulnerability Scoring System (CVSS) rating of critical. The following vulnerabilities can allow an unauthenticated threat actor to view, modify, or delete data that the application is able to access:
| CVE | CVSS Score | Description |
|---|---|---|
| CVE-2023-34124 | 9.4 (Critical) | Web Service Authentication Bypass |
| CVE-2023-34133 | 9.8 (Critical) | Multiple Unauthenticated SQL Injection Issues & Security Filter Bypass |
| CVE-2023-34134 | 9.8 (Critical) | Password Hash Read via Web Service |
| CVE-2023-34137 | 9.4 (Critical) | Central Authentication Service (CAS) Authentication Bypass |
Additionally, these vulnerabilities can be exploited remotely, do not require user interaction, and are low-complexity. Although Arctic Wolf Labs has not observed a published Proof of Concept (PoC) exploit or any active exploitation, threat actors are likely to develop exploits for these vulnerabilities due to the prevalence of these products and the level of network access a threat actor can achieve once a system is compromised.
| Product | Vulnerable Version |
|---|---|
| Global Management Suite Virtual Appliance | 9.3.2-SP1 and before |
| Global Management Suite Windows | 9.3.2-SP1 and before |
| Analytics | 188.8.131.52-R7 and before |
Apply the Latest Security Patches Released by SonicWall
Arctic Wolf strongly recommends updating to the patched versions outlined in the table below to remediate the newly disclosed vulnerabilities.
Note: Arctic Wolf recommends following change management best practices for deploying security patches, including testing changes in a dev environment before deploying to production to avoid operational impact.
| Product | Vulnerable Version | Patched Version |
|---|---|---|
| Global Management Suite Virtual Appliance | 9.3.2-SP1 and before | 9.3-9330 and higher versions |
| Global Management Suite Windows | 9.3.2-SP1 and before | 9.3-9330 and higher versions |
| Analytics | 184.108.40.206-R7 and before | 2.5.2-R9 and higher versions |