CVE-2023-34137

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 13, 2023

Updated: Jul 25, 2023

CWE ID 305

CWE ID 287

Summary

CVE-2023-34137 is a vulnerability affecting SonicWall's GMS and Analytics CAS Web Services. The issue stems from the applications' use of static values for authentication without adequate checks, resulting in an authentication bypass vulnerability. This weakness puts versions 9.3.2-SP1 and earlier of GMS, as well as 2.5.0.4-R7 and earlier of Analytics, at risk. Successful exploitation could grant unauthorized access to the affected systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SonicWALL Global Management System

Affected Vendors

SonicWall Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r-Fa-p
https://www.cve.org/CVERecord?id=CVE-2023-34137
https://nvd.nist.gov/vuln/detail/CVE-2023-34137

Back to Vulnerability Database