Reference:
Advisory #2023-116
Version:
1.0
Affected software:
Analytics - 2.5.0.4-R7 and earlier versions
GMS - Virtual Appliance 9.3.2-SP1 and earlier versions
GMS - Windows 9.3.2-SP1 and earlier versions
Type:
Authentication bypass & Password Hash Read via Web Service
CVE/CVSS:
CVE-2023-34124 / 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2023-34134 / 9.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVE-2023-34137 / 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010
Multiple critical vulnerabilities in SonicWall GMS and Analytics stem from insufficient authentication checks.
Two of the vulnerabilities have a HIGH impact on Confidentiality, Integrity, and Availability. Low to no privileges are required to exploit these vulnerabilities.
CVE-2023-34124: Web Service Authentication Bypass
This is an authentication bypass vulnerability. A Metasploit module for it was observed in open source, and a link to a Metasploit module was shared in the underground.
CVE-2023-34134: Password Hash Read via Web Service
This sensitive-information exposure vulnerability allows an attacker to read the administrator password hash via a web service call.
CVE-2023-34137: CAS Authentication Bypass
The SonicWall GMS and Analytics CAS Web Services application uses static values for authentication without proper checks, leading to an authentication bypass vulnerability.
The Centre for Cybersecurity Belgium strongly recommends that system administrators visit SonicWall’s release pages to download and install the patched versions of this software.
https://nvd.nist.gov/vuln/detail/CVE-2023-34124
https://nvd.nist.gov/vuln/detail/CVE-2023-34134
https://nvd.nist.gov/vuln/detail/CVE-2023-34137