Advisory July 13, 2023

SonicWall GMS and Analytics

The Obrela Threat Intelligence Team

SonicWall GMS and Analytics Impacted by Multiple Vulnerabilities

Overview:

SonicWall Global Management System (GMS) firewall management and Analytics network reporting engine software products have been identified with a total of 15 security flaws containing critical, high, and medium severity vulnerabilities. While no evidence of exploitation currently exists, SonicWall strongly advises organizations using older versions of GMS and Analytics to upgrade to the latest fixed versions.

Vulnerabilities:

The suite of vulnerabilities includes the following:

  • CVE-2023-34123: Predictable Password Reset Key (CVSS: 7.5) – This vulnerability allows an attacker to reset passwords using predictable cryptographic keys.
  • CVE-2023-34124: Web Service Authentication Bypass (CVSS: 9.4) – An attacker can bypass authentication mechanisms, gaining unauthorized access to the web service.
  • CVE-2023-34125: Post-Authenticated Arbitrary File Read via Backup File Directory Traversal (CVSS: 6.5) – Exploiting directory traversal vulnerabilities, an attacker with post-authentication can read arbitrary files.
  • CVE-2023-34126: Post-Authenticated Arbitrary File Upload (CVSS: 7.1) – Attackers with post-authentication privileges can upload and execute arbitrary files.
  • CVE-2023-34127: Post-Authenticated Command Injection (CVSS: 8.8) – Attackers with post-authentication can execute arbitrary commands through code injection.
  • CVE-2023-34128: Hardcoded Tomcat Credentials (Privilege Escalation) (CVSS: 6.5) – Privilege escalation is possible by leveraging hardcoded Tomcat credentials.
  • CVE-2023-34129: Post-Authenticated Arbitrary File Write via Web Service (Zip Slip) (CVSS: 7.1) – Attackers with post-authentication privileges can write arbitrary files using the “Zip Slip” vulnerability.
  • CVE-2023-34130: Use of Outdated Cryptographic Algorithm with Hardcoded Key (CVSS: 5.3) – This vulnerability stems from using an outdated cryptographic algorithm with a hardcoded key.
  • CVE-2023-34131: Unauthenticated Sensitive Information Leak (CVSS: 5.3) – Attackers can gain unauthorized access to sensitive information without authentication.
  • CVE-2023-34132: Client-Side Hashing Function Allows Pass-the-Hash (CVSS: 4.9) – Weaknesses in client-side hashing functions enable “pass-the-hash” attacks.
  • CVE-2023-34133: Multiple Unauthenticated SQL Injection Issues & Security Filter Bypass (CVSS: 9.8) – Attackers can perform SQL injection attacks and bypass security filters, leading to unauthorized access.
  • CVE-2023-34134: Password Hash Read via Web Service (CVSS: 9.8) – Attackers can read password hashes through a web service, potentially exposing sensitive information.
  • CVE-2023-34135: Post Authenticated Arbitrary File Read via Web Service (CVSS: 6.5) – Attackers with post-authentication privileges can read arbitrary files through a web service.
  • CVE-2023-34136: Unauthenticated File Upload (CVSS: 6.5) – Attackers can upload files without authentication, posing a risk of executing malicious code.
  • CVE-2023-34137: CAS Authentication Bypass (CVSS: 9.4) – Attackers can bypass CAS authentication mechanisms, gaining unauthorized access.

Affected Products:

The following versions of SonicWall GMS and Analytics are affected:

  • GMS – Virtual Appliance 9.3.2-SP1 and earlier versions
  • GMS – Windows 9.3.2-SP1 and earlier versions
  • Analytics – 2.5.0.4-R7 and earlier versions

Recommended Actions:

To address the vulnerabilities, SonicWall advises the following actions:

  • Upgrade GMS – Virtual Appliance to version 9.3-9330 or higher.
  • Upgrade GMS – Windows to version 9.3-9330 or higher.
  • Upgrade Analytics to version 2.5.2 or higher.

It is crucial for organizations using the affected versions to apply the recommended software updates immediately.

The SOC teams of OBRELA remain vigilant and are closely monitoring clients’ infrastructure regarding potential exploitation attempts and IoCs.

References:

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010

https://www.sonicwall.com/support/knowledge-base/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/