SonicWall warned customers today to urgently patch multiple critical vulnerabilities impacting the company’s Global Management System firewall management and Analytics network reporting engine software suites.
“This suite of vulnerabililtes, which was responsibility disclosed, includes four vulnerabilities with a CVSSv3 rating of CRITICAL, that allows an attacker to bypass authentication and could potentially result in exposure of sensitive information to an unauthorized actor,” SonicWall said.
SonicWall PSIRT has no knowledge of public reports of proof of concept exploit code or active exploitation of this vulnerability occurring in the wild before the bugs were disclosed and patched.
In March, SonicWall PSIRT and Mandiant revealed that suspected Chinese hackers installed custom malware on unpatched SonicWall Secure Mobile Access appliances to gain long-term persistence for cyber-espionage campaigns.
Grafana warns of critical auth bypass due to Azure AD integration.
VMware fixes vCenter Server bugs allowing code execution, auth bypass.
