Lucene search

PRIOn knowledge basePRION:CVE-2023-34129

HistoryJul 13, 2023 - 2:15 a.m.

Path traversal

2023-07-1302:15:00

PRIOn knowledge base

www.prio-n.com

path traversal

directory traversal

remote attack

zip slip

filesystem vulnerability

8.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.4%

JSON

Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

CPENameOperatorVersion
analyticseq<= 2.5.0.4-r7
global_management_systemlt9.3.2
global_management_systemeq9.3.2 sp1
global_management_systemeq9.3.2

Name	Operator	Version
analytics	eq	<= 2.5.0.4-r7
global_management_system	lt	9.3.2
global_management_system	eq	9.3.2 sp1
global_management_system	eq	9.3.2

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010

www.sonicwall.com/support/notices/230710150218060