Governance & Risk Management
,
Patch Management
,
Vulnerability Assessment & Penetration Testing (VA/PT)
Vulnerabilities Affect Network Security Products
Networking and security appliance manufacturers SonicWall and Fortinet this week released details of multiple critically rated vulnerabilities that affect at least half a dozen network security products.
See Also: OnDemand | Reclaim Control over Your Secrets – The Secret Sauce to Secrets Security
SonicWall on Wednesday released security fixes for 15 bugs affecting its Global Management System’s firewall management and Analytics network reporting engine software. The flaws affect the on-premises versions of GMS 9.3.2-SP1 and earlier and Analytics 2.5.0.4-R7 and earlier.
The fixes include four critically rated authentication bypass vulnerabilities that could result in exposure of sensitive information to an unauthorized actor, SonicWall’s security advisory says.
“The suite of vulnerabilities allows an attacker to view data that they are not normally able to retrieve,” SonicWall said. “This might include data belonging to other users or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application’s content or behavior.”
The critically rated flaws include:
- CVE-2023-34124 – CVSS score: 9.4: Web Service Authentication Bypass
- CVE-2023-34133 – CVSS score: 9.8: Multiple Unauthenticated SQL Injection Issues and Security Filter Bypass
- CVE-2023-34134 – CVSS score: 9.8: Password Hash Read via Web Service
- CVE-2023-34137 – CVSS score: 9.4: Cloud App Security – CAS – Authentication Bypass
The flaws were discovered by the NCC Group. No workarounds are available for these bugs, and users are urged to patch as soon as possible.
Other vulnerabilities include a predictable password reset key issue and a hard-coded Tomcat credentials flaw, in addition to command injection, file write, file upload, password hash read and other issues, cybersecurity company Rapid7 said.
“At least on the surface, the potential for data exposure and theft as a result of these flaws sounds reminiscent of the recent MOVEit Transfer vulnerabilities,” Rapid7 said. “We expect these CVEs to be extremely attractive to adversaries, including those looking to extort victims after executing smash-and-grab attacks.”
Rapid7 added that while the vulnerabilities are not known to be exploited in the wild as of Thursday, other SonicWall vulnerabilities have been popular targets for adversaries, including ransomware groups, in the past. The urgent nature of SonicWall’s warning reflects that security teams should patch soon.
CISA Warns of Critical FortiOS and FortiProxy Bug
The U.S. Cybersecurity and Infrastructure Security Agency along with the computer emergency response teams of several countries including New Zealand, urged users of Fortinet products to immediately apply a fix for a critical RCE bug.
Tracked as CVE-2023-33308, with a 9.8 CVSS score, the bug affects the FortiOS and FortiProxy products. It is a stack overflow vulnerability that allows an attacker to remotely execute arbitrary code or a command using specially crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection, Fortinet said in its security advisory.
The flaws have been fixed in the following versions:
- FortiOS version 7.4.0 or above
- FortiOS version 7.2.4 or above
- FortiOS version 7.0.11 or above
- FortiProxy version 7.2.3 or above
- FortiProxy version 7.0.10 or above
Users can also disable HTTP/2 support on SSL inspection profiles used by proxy policies or firewall policies with proxy mode as a workaround for the vulnerability.
The bug appears to have been an accidental discovery made by WatchTowr that was found during the analysis of another Fortinet bug, CVE-2022-42475, according to the company’s blog.
“While it’s not as bad as the world-ending RCE bugs we’ve seen lately, it’s still a worrisome bug,” a WatchTowr researcher said.