SonicWall Warns of Critical GMS SQL Injection Vulnerability

By Orbit Brain, July 23, 2022

By Ryan Naraine on July 22, 2022

Network security appliance vendor SonicWall late Thursday shipped urgent patches for a critical flaw in its Global Management System (GMS) software, warning that the issue exposes businesses to remote hacker attacks.

The vulnerability, which carries a critical-severity rating of CVSS 9.4, provides a pathway for a remote attacker to execute arbitrary SQL queries in the database, according to SonicWall's documentation of the issue.

The vulnerability exists due to insufficient sanitization of user-supplied data, setting up scenarios where a remote non-authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

According to this advisory, successful exploitation of the SonicWall GMS security defect may allow a remote attacker to read, delete, modify data in the database and gain complete control over the affected application.

The vulnerability, tracked as CVE-2022-22280, affects SonicWall Global Management System installations before 9.3.1-SP2-Hotfix-2.

SonicWall said it was not aware of active exploitation in the wild or the public release of proof-of-concept (PoC) exploit code targeting the bug.

Here is SonicWall's description of the issue:

CVE-2022-22280 is a critical vulnerability (CVSS 9.4) that results in an Improper Neutralization of Special Elements used in an SQL command in SonicWall GMS.

There is no workaround available for this vulnerability. However, the likelihood of exploitation may be significantly reduced by incorporating a Web Application Firewall (WAF) to block SQLi attempts.

The company's product security incident response team is pushing organizations using the affected GMS version to apply the patches immediately.

SonicWall has published deployment guides [pdf] to help organizations to upgrade GMS deployments.

SonicWall's Global Management System is used by enterprise customers to rapidly deploy and centrally manage SonicWall firewall, wireless, email security, and secure remote access tools from a single console.