Path Traversal Vulnerability in SonicWall GMS and Analytics
CVE-2023-34125

6.5MEDIUM

Key Information:

Vendor: Sonicwall
Status: Gms; Analytics
Vendor: CVE Published:; 13 July 2023

What is CVE-2023-34125?

A path traversal vulnerability has been identified in SonicWall's GMS and Analytics products, allowing an authenticated attacker to exploit this flaw. By leveraging the vulnerability, attackers can gain unauthorized access to read arbitrary files from the system's underlying filesystem, potentially with root privileges. This includes sensitive information that could compromise the integrity and security of the affected environments, making prompt remediation imperative.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Analytics 2.5.0.4-R7 and earlier versions

GMS 9.3.2-SP1 and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

https://www.sonicwall.com/support/notices/230710150218060

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 13, 2023
Vulnerability Reserved
May 25, 2023

JSON

Sonicwall