Security News > 2023 > July > SonicWall warns admins to patch critical auth bypass bugs immediately
SonicWall warned customers today to urgently patch multiple critical vulnerabilities impacting the company's Global Management System firewall management and Analytics network reporting engine software suites.
"This suite of vulnerabililtes, which was responsibility disclosed, includes four vulnerabilities with a CVSSv3 rating of CRITICAL, that allows an attacker to bypass authentication and could potentially result in exposure of sensitive information to an unauthorized actor," SonicWall said.
SonicWall PSIRT has no knowledge of public reports of proof of concept exploit code or active exploitation of this vulnerability occurring in the wild before the bugs were disclosed and patched.
In March, SonicWall PSIRT and Mandiant revealed that suspected Chinese hackers installed custom malware on unpatched SonicWall Secure Mobile Access appliances to gain long-term persistence for cyber-espionage campaigns.
Grafana warns of critical auth bypass due to Azure AD integration.
VMware fixes vCenter Server bugs allowing code execution, auth bypass.
News URL
Related news
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- ASUS warns of critical auth bypass flaw in routers using AiCloud (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- SonicWall urges admins to patch VPN flaw exploited in attacks (source)
- Ivanti warns of critical Neurons for ITSM auth bypass flaw (source)
- Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE (source)
- Hewlett Packard Enterprise warns of critical StoreOnce auth bypass (source)
- HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass (source)
- Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI (source)