Skip to content

Fortinet and Sonicwall report critical vulnerabilities in their products

  • by
  • 2 min read

SonicWall and Fortinet disclosed several critical flaws in their software, allowing the hackers to gain unauthorised access to users’ data.

SonicWall has issued an advisory urging its customers to apply the latest fixes to its Global Management System (GMS) firewall management and Analytics network reporting software.

The fixes address 15 security flaws, four rated critical, four rated High, and seven rated Medium in severity. The vulnerabilities disclosed by NCC Group could potentially allow threat actors to bypass authentication and gain unauthorized access to sensitive information.

The impacted software versions include GMS 9.3.2-SP1 and earlier and Analytics 2.5.0.4-R7 and earlier. Customers are advised to update to versions GMS 9.3.3 and Analytics 2.5.2 to mitigate the risks associated with these vulnerabilities.

SonicWall highlighted that the set of vulnerabilities enables attackers to view and modify data they would not typically access. This includes data belonging to other users and any other information accessible to the application, potentially leading to persistent changes in the application’s content or behaviour.

The list of critical flaws includes a web service authentication bypass (CVE-2023-34124), multiple unauthenticated SQL injection issues and security filter bypass (CVE-2023-34133), password hash read via web service (CVE-2023-34134), and a cloud app security (CAS) authentication bypass (CVE-2023-34137).

In a separate disclosure, Fortinet revealed a critical flaw affecting FortiOS and FortiProxy (CVE-2023-33308). This vulnerability could allow remote code execution under certain conditions. Fortinet resolved the issue in a previous release but did not provide a specific advisory.

Impacted products include FortiOS versions 7.2.0 through 7.2.3 and 7.0.0 through 7.0.10, as well as FortiProxy versions 7.2.0 through 7.2.2 and 7.0.0 through 7.0.9. Fortinet advises customers to update to the listed versions to address the security vulnerability.

Fortinet recommends disabling HTTP/2 support on SSL inspection profiles used by proxy policies or firewall policies with proxy mode as a temporary mitigation measure for customers unable to immediately apply the updates.

In the News: Security flaws in QuickBlox expose millions of user records

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me

    • Related Reads

    This is an image of facebook ads instagram 23898

    Android users are getting bombarded with unskippable ads

    Photo: in green / shutterstock. Com

    High-severity Chrome flaw exploited in the wild patched

    This is an image of hacked security illustration 11

    Novel infostealer caught stealing browser data and crypto wallet extensions

    This is an image of malware featured security

    Malware targets 6 countries using fake invoice emails

    This is an image of data breach featured cybersecurity 113 e1666861228304

    M&S confirms data leak during cyberattack

    Photo: arnav pratap singh / shutterstock. Com

    UPI outage disrupts Indian payment systems

    >