CVE-2023-34133

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 13, 2023

Updated: Sep 8, 2023

CWE ID 89

Summary

CVE-2023-34133 is a significant SQL Injection vulnerability affecting SonicWall GMS and Analytics. Unauthenticated attackers can exploit this issue, present in SonicWall GMS versions 9.3.2-SP1 and earlier, and Analytics versions 2.5.0.4-R7 and earlier. By manipulating special elements in SQL commands, they can extract sensitive information from the application database. This vulnerability poses a serious risk to organizations using these versions and requires immediate attention for patching or mitigation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SonicWALL Global Management System

Affected Vendors

SonicWall Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r-Fa-l
https://www.cve.org/CVERecord?id=CVE-2023-34133
https://nvd.nist.gov/vuln/detail/CVE-2023-34133

Back to Vulnerability Database