Path Traversal Vulnerability in SonicWall GMS and Analytics
CVE-2023-34125

6.5MEDIUM

Key Information:

Vendor: Sonicwall
Status: Gms; Analytics
Vendor: CVE Published:; 13 July 2023

Summary

A path traversal vulnerability has been identified in SonicWall's GMS and Analytics products, allowing an authenticated attacker to exploit this flaw. By leveraging the vulnerability, attackers can gain unauthorized access to read arbitrary files from the system's underlying filesystem, potentially with root privileges. This includes sensitive information that could compromise the integrity and security of the affected environments, making prompt remediation imperative.

Affected Version(s)

Analytics 2.5.0.4-R7 and earlier versions

GMS 9.3.2-SP1 and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

https://www.sonicwall.com/support/notices/230710150218060

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 13, 2023
Vulnerability Reserved
May 25, 2023