Security News > 2023 > July > SonicWall warns admins to patch critical auth bypass bugs immediately
SonicWall warned customers today to urgently patch multiple critical vulnerabilities impacting the company's Global Management System firewall management and Analytics network reporting engine software suites.
"This suite of vulnerabililtes, which was responsibility disclosed, includes four vulnerabilities with a CVSSv3 rating of CRITICAL, that allows an attacker to bypass authentication and could potentially result in exposure of sensitive information to an unauthorized actor," SonicWall said.
SonicWall PSIRT has no knowledge of public reports of proof of concept exploit code or active exploitation of this vulnerability occurring in the wild before the bugs were disclosed and patched.
In March, SonicWall PSIRT and Mandiant revealed that suspected Chinese hackers installed custom malware on unpatched SonicWall Secure Mobile Access appliances to gain long-term persistence for cyber-espionage campaigns.
Grafana warns of critical auth bypass due to Azure AD integration.
VMware fixes vCenter Server bugs allowing code execution, auth bypass.
News URL
Related news
- Progress urges admins to patch critical WhatsUp Gold bugs ASAP (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)