Path Traversal Vulnerability in SonicWall GMS and Analytics
CVE-2023-34135

6.5MEDIUM

Key Information:

Vendor: Sonicwall
Status: Gms; Analytics
Vendor: CVE Published:; 13 July 2023

Summary

A Path Traversal vulnerability in SonicWall's GMS and Analytics products enables remote authenticated attackers to access arbitrary files on the server's file system through the web service interface. This flaw poses a significant risk as it allows unauthorized users to potentially exploit sensitive data. Affected users are strongly advised to upgrade to the latest software versions to mitigate the risks associated with this security issue.

Affected Version(s)

Analytics 2.5.0.4-R7 and earlier versions

GMS 9.3.2-SP1 and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

https://www.sonicwall.com/support/notices/230710150218060

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 13, 2023
Vulnerability Reserved
May 25, 2023