Hard-coded password vulnerability in GMS ECM endpoint
CVE-2024-29011

7.5HIGH

Key Information:

Vendor: Sonicwall
Status: Gms
Vendor: CVE Published:; 1 May 2024

What is CVE-2024-29011?

A significant authentication bypass vulnerability exists in the GMS ECM endpoint due to the use of a hard-coded password. This flaw allows unauthorized access to the system, exposing sensitive information and compromising overall security. SonicWall recommends affected users to update to the latest version to mitigate any potential risks. Ensure that your system is running the latest patched version to safeguard against this vulnerability.

Affected Version(s)

GMS 9.3.4 and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2024

JSON

Sonicwall

What is CVE-2024-29011?

Affected Version(s)

References

CVSS V3.1

Timeline