Security News > 2023 > July > SonicWall warns admins to patch critical auth bypass bugs immediately
SonicWall warned customers today to urgently patch multiple critical vulnerabilities impacting the company's Global Management System firewall management and Analytics network reporting engine software suites.
"This suite of vulnerabililtes, which was responsibility disclosed, includes four vulnerabilities with a CVSSv3 rating of CRITICAL, that allows an attacker to bypass authentication and could potentially result in exposure of sensitive information to an unauthorized actor," SonicWall said.
SonicWall PSIRT has no knowledge of public reports of proof of concept exploit code or active exploitation of this vulnerability occurring in the wild before the bugs were disclosed and patched.
In March, SonicWall PSIRT and Mandiant revealed that suspected Chinese hackers installed custom malware on unpatched SonicWall Secure Mobile Access appliances to gain long-term persistence for cyber-espionage campaigns.
Grafana warns of critical auth bypass due to Azure AD integration.
VMware fixes vCenter Server bugs allowing code execution, auth bypass.
News URL
Related news
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation (source)
- SonicWall urges admins to patch exploitable SSLVPN bug immediately (source)
- SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix (source)
- Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Netgear warns users to patch critical WiFi router vulnerabilities (source)
- SonicWall firewall exploit lets hackers hijack VPN sessions, patch now (source)
- SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN (source)
- Juniper patches critical auth bypass in Session Smart routers (source)