Governance & Risk Management , Patch Management , Vulnerability Assessment & Penetration Testing (VA/PT)

Patch Now! SonicWall, Fortinet Fix Multiple Critical Bugs

Vulnerabilities Affect Network Security Products
Patch Now! SonicWall, Fortinet Fix Multiple Critical Bugs
Image: Shutterstock

Networking and security appliance manufacturers SonicWall and Fortinet this week released details of multiple critically rated vulnerabilities that affect at least half a dozen network security products.

See Also: Offensive Security: Lose That Loser's Mindset

SonicWall on Wednesday released security fixes for 15 bugs affecting its Global Management System's firewall management and Analytics network reporting engine software. The flaws affect the on-premises versions of GMS 9.3.2-SP1 and earlier and Analytics and earlier.

The fixes include four critically rated authentication bypass vulnerabilities that could result in exposure of sensitive information to an unauthorized actor, SonicWall's security advisory says.

"The suite of vulnerabilities allows an attacker to view data that they are not normally able to retrieve," SonicWall said. "This might include data belonging to other users or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behavior."

The critically rated flaws include:

  • CVE-2023-34124 - CVSS score: 9.4: Web Service Authentication Bypass
  • CVE-2023-34133 - CVSS score: 9.8: Multiple Unauthenticated SQL Injection Issues and Security Filter Bypass
  • CVE-2023-34134 - CVSS score: 9.8: Password Hash Read via Web Service
  • CVE-2023-34137 - CVSS score: 9.4: Cloud App Security - CAS - Authentication Bypass

The flaws were discovered by the NCC Group. No workarounds are available for these bugs, and users are urged to patch as soon as possible.

Other vulnerabilities include a predictable password reset key issue and a hard-coded Tomcat credentials flaw, in addition to command injection, file write, file upload, password hash read and other issues, cybersecurity company Rapid7 said.

"At least on the surface, the potential for data exposure and theft as a result of these flaws sounds reminiscent of the recent MOVEit Transfer vulnerabilities," Rapid7 said. "We expect these CVEs to be extremely attractive to adversaries, including those looking to extort victims after executing smash-and-grab attacks."

Rapid7 added that while the vulnerabilities are not known to be exploited in the wild as of Thursday, other SonicWall vulnerabilities have been popular targets for adversaries, including ransomware groups, in the past. The urgent nature of SonicWall's warning reflects that security teams should patch soon.

CISA Warns of Critical FortiOS and FortiProxy Bug

The U.S. Cybersecurity and Infrastructure Security Agency along with the computer emergency response teams of several countries including New Zealand, urged users of Fortinet products to immediately apply a fix for a critical RCE bug.

Tracked as CVE-2023-33308, with a 9.8 CVSS score, the bug affects the FortiOS and FortiProxy products. It is a stack overflow vulnerability that allows an attacker to remotely execute arbitrary code or a command using specially crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection, Fortinet said in its security advisory.

The flaws have been fixed in the following versions:

  • FortiOS version 7.4.0 or above
  • FortiOS version 7.2.4 or above
  • FortiOS version 7.0.11 or above
  • FortiProxy version 7.2.3 or above
  • FortiProxy version 7.0.10 or above

Users can also disable HTTP/2 support on SSL inspection profiles used by proxy policies or firewall policies with proxy mode as a workaround for the vulnerability.

The bug appears to have been an accidental discovery made by WatchTowr that was found during the analysis of another Fortinet bug, CVE-2022-42475, according to the company's blog.

"While it's not as bad as the world-ending RCE bugs we've seen lately, it's still a worrisome bug," a WatchTowr researcher said.

About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.