Scroll Top

New vulnerabilities discovered in SonicWall and Fortinet network security products

21072010_WEB

Network security companies SonicWall and Fortinet have recently disclosed vulnerabilities in their respective network security products, highlighting the importance of prompt updates and vigilant cybersecurity practices. SonicWall has identified 15 security flaws in their Global Management System (GMS) firewall management and Analytics network reporting engine software, while Fortinet has disclosed a critical flaw affecting FortiOS and FortiProxy.

SonicWall Vulnerabilities: SonicWall’s vulnerabilities, ranging from critical to medium severity, could potentially allow threat actors to bypass authentication and gain unauthorized access to sensitive information. The affected versions include GMS 9.3.2-SP1 and earlier, as well as Analytics 2.5.0.4-R7 and earlier. SonicWall has released fixes for these vulnerabilities in versions GMS 9.3.3 and Analytics 2.5.2.

Critical Flaws in SonicWall: Among the critical flaws disclosed by SonicWall are authentication bypass, unauthenticated SQL injection issues, security filter bypass, and cloud app security (CAS) authentication bypass. Exploiting these vulnerabilities could enable attackers to view and modify data, potentially leading to persistent changes in the application’s content and behavior. Users are strongly advised to apply the latest fixes to protect their systems.

Fortinet Vulnerability: Fortinet has disclosed a critical flaw affecting FortiOS and FortiProxy, which may allow remote code execution under specific circumstances. The vulnerability, classified as a stack-based overflow vulnerability (CWE-124), could enable remote attackers to execute arbitrary code or commands through crafted packets. Fortinet has resolved the issue in previous releases but did not provide a specific advisory.

Affected Versions and Mitigation for Fortinet: The affected versions of FortiOS include 7.2.0 through 7.2.3 and 7.0.0 through 7.0.10, while the affected versions of FortiProxy include 7.2.0 through 7.2.2 and 7.0.0 through 7.0.9. Users are advised to update to the recommended versions to address this vulnerability. Additionally, Fortinet suggests disabling HTTP/2 support on SSL inspection profiles used by proxy policies or firewall policies with proxy mode for users who are unable to apply the updates immediately.

Conclusion: To ensure robust network security, it is essential for SonicWall and Fortinet users to promptly update their systems with the latest fixes. By staying proactive and implementing necessary security measures, organizations can strengthen their network defenses and mitigate potential risks. For more exclusive content and cybersecurity updates, follow us on Twitter and LinkedIn.

Disclaimer: This article is for informational purposes only. Users are advised to refer to official vendor advisories and follow their recommendations for updates and mitigation strategies.

Related Posts

Leave a comment

You must be logged in to post a comment.
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.