Sonicwall Addresses Critical Gaps in GMS Firewall Management

Sonicwall closes several critical gaps in GMS firewall management

Firewall manufacturer Sonicwall has issued an urgent warning regarding multiple security vulnerabilities impacting its GMS and analytics systems. There are a total of 15 security flaws that require updates. Sonicwall has classified four of these vulnerabilities as critical risks, four as high-risk, and seven as medium-risk.

The critical vulnerabilities include one that lets attackers inject SQL commands and bypass security filters without prior authentication, due to a lack of filtering. Another critical flaw lets attackers read password hashes through the web service. In addition, the CAS Web Services application uses static values for authentication without proper checks, which can lead to authentication bypass. A further vulnerability allows authentication to be bypassed because of insufficient checks.

These vulnerabilities affect the GMS Virtual Appliance, GMS Windows 9.3.2-SP1 and earlier versions, and Analytics 2.5.0.4-R7 and earlier versions. The security-related flaws have been addressed in the GMS Virtual Appliance and GMS Windows 9.3-9330, as well as Analytics 2.5.2-R9 and newer versions. Instructions for updating can be found in Sonicwall’s Security Advisory.

This is not the first time Sonicwall has addressed security issues with its devices. In March, the company patched a high-risk vulnerability in the operating system of the devices that allowed attackers to disable the firewalls.

It is important for users of Sonicwall GMS and analytics systems to promptly update their devices to ensure they are protected against these vulnerabilities. Failure to do so can leave these systems vulnerable to potential attacks.
