CVE-2023-34137

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 13, 2023
Updated: Jul 25, 2023
CWE ID 305
CWE ID 287

Summary

CVE-2023-34137 is a vulnerability affecting SonicWall's GMS and Analytics CAS Web Services. The issue stems from the applications' use of static values for authentication without adequate checks, resulting in an authentication bypass vulnerability. This weakness puts versions 9.3.2-SP1 and earlier of GMS, as well as 2.5.0.4-R7 and earlier of Analytics, at risk. Successful exploitation could grant unauthorized access to the affected systems.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • SonicWALL Global Management System

Affected Vendors

  • SonicWall Inc.