MEDIUM🇵🇱 Wersja polska

CVE-2023-34125

CVSS 6.5v3.1pub. 2023-07-13upd. 2024-11-21

Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • Sonicwall Analytics

    APP
    Sonicwall
    ≤ 2.5.0.4-r7
  • Sonicwall Global Management System

    APP
    Sonicwall
    9.3.2< 9.3.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2023-34132CRITICAL9.8ten sam produkt

Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allow...

CVE-2023-34124CRITICAL9.8ten sam produkt

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing aut...

CVE-2023-34128CRITICAL9.8ten sam produkt

Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue aff...

CVE-2023-34130CRITICAL9.8ten sam produkt

SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensi...

CVE-2023-34136CRITICAL9.8ten sam produkt

Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted l...