CVE-2023-34129
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2023-34129 is a path traversal vulnerability affecting SonicWall GMS versions 9.3.2-SP1 and earlier and SonicWall Analytics versions 2.5.0.4-R7 and earlier. An authenticated attacker can exploit this issue by manipulating file paths to extract arbitrary files from any location on the underlying filesystem with root privileges. The vulnerability is caused by an improper limitation of pathnames to a restricted directory, which allows the attacker to use the Zip Slip method to traverse directories. This poses a significant risk, as attackers can gain unauthorized access to sensitive information or even take control of the affected systems.
Affected Products
- SonicWALL Global Management System
Affected Vendors
- SonicWall Inc.