- 163/2023
- Critical
SonicWall has released security updates to fix multiple vulnerabilities affecting multiple SonicWall products.
The addressed vulnerabilities could allow the attacker to bypass authentication, directory traversal, or disclose information on the affected systems.
Sample of the addressed vulnerabilities:
1. Password Hash Read via Web Service (CVE-2023-34134):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Consequences: Obtain Information
2. Multiple Unauthenticated SQL Injection Issues & Security Filter Bypass (CVE- 2023-34133):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Data Manipulation
The affected products:
- GMS – Virtual Appliance 9.3.2-SP1 and earlier versions.
- GMS – Windows 9.3.2-SP1 and earlier versions.
- Analytics – 2.5.0.4-R7 and earlier versions.
Vulnerabilities
- CVE-2023-34123
- CVE-2023-34124
- CVE-2023-34125
- CVE-2023-34126
- CVE-2023-34127
- CVE-2023-34128
- CVE-2023-34129
- CVE-2023-34130
- CVE-2023-34131
- CVE-2023-34132
- CVE-2023-34133
- CVE-2023-34134
- CVE-2023-34135
- CVE-2023-34136
- CVE-2023-34137
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.