CVE-2023-34124
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/07/2023
Last modified:
08/04/2025
Description
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sonicwall:analytics:*:*:*:*:*:*:*:* | 2.5.0.4-r7 (including) | |
| cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:* | 9.3.2 (excluding) | |
| cpe:2.3:a:sonicwall:global_management_system:9.3.2:-:*:*:*:*:*:* | ||
| cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/174571/Sonicwall-GMS-9.9.9320-Remote-Code-Execution.html
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010
- https://www.sonicwall.com/support/notices/230710150218060
- http://packetstormsecurity.com/files/174571/Sonicwall-GMS-9.9.9320-Remote-Code-Execution.html
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010
- https://www.sonicwall.com/support/notices/230710150218060