Lucene search
+L

289 matches found

Vulnrichment
Vulnrichment
added 2023/07/13 2:24 a.m.16 views

CVE-2023-34132

Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

7.3AI score0.0768EPSS
Exploits1References3
CVE
CVE
added 2023/07/13 2:24 a.m.181 views

CVE-2023-34132

CVE-2023-34132 concerns SonicWall GMS and Analytics where authentication uses a password hash instead of the actual password, enabling Pass-the-Hash style attacks. Affected: GMS versions 9.3.2-SP1 and earlier; Analytics versions 2.5.0.4-R7 and earlier. The underlying issue is password-hash based ...

9.8CVSS9.7AI score0.0768EPSS
In wildExploits1References3Affected Software2
Cvelist
Cvelist
added 2023/07/13 2:20 a.m.32 views

CVE-2023-34131

Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

6.5AI score0.00828EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/07/13 2:20 a.m.13 views

CVE-2023-34131

Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

6.6AI score0.00828EPSS
Exploits0References2
CVE
CVE
added 2023/07/13 2:20 a.m.166 views

CVE-2023-34131

The PT-2023-3806 entry confirms SonicWall GMS versions 9.3.2-SP1 and earlier and Analytics 2.5.0.4-R7 and earlier have an exposure vulnerability that allows an unauthenticated attacker to access restricted web pages due to lack of protection for service data. Remediation: upgrade to newer fixed v...

5.3CVSS6.1AI score0.00828EPSS
In wildExploits0References2Affected Software2
NVD
NVD
added 2023/07/13 2:15 a.m.26 views

CVE-2023-34129

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root...

8.8CVSS0.41155EPSS
Exploits0References2
OSV
OSV
added 2023/07/13 2:15 a.m.4 views

CVE-2023-34129

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root...

8.8CVSS5.9AI score0.41155EPSS
Exploits0References2
Prion
Prion
added 2023/07/13 2:15 a.m.23 views

Hardcoded credentials

SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm TEA with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

7.5CVSS9.3AI score0.00311EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2023/07/13 1:15 a.m.25 views

CVE-2023-34128

Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

9.8CVSS0.00707EPSS
Exploits0References2
OSV
OSV
added 2023/07/13 1:15 a.m.6 views

CVE-2023-34128

Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

9.8CVSS5.8AI score0.00707EPSS
Exploits0References2
NVD
NVD
added 2023/07/13 1:15 a.m.40 views

CVE-2023-34124

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

9.8CVSS0.44715EPSS
Exploits2References3
OSV
OSV
added 2023/07/13 1:15 a.m.2 views

CVE-2023-34126

Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

8.8CVSS5.8AI score0.00759EPSS
Exploits0References2
NVD
NVD
added 2023/07/13 1:15 a.m.20 views

CVE-2023-34126

Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

8.8CVSS0.00759EPSS
Exploits0References2
NVD
NVD
added 2023/07/13 1:15 a.m.54 views

CVE-2023-34127

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics:...

8.8CVSS0.86469EPSS
Exploits1References3
NVD
NVD
added 2023/07/13 1:15 a.m.15 views

CVE-2023-34125

Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

6.5CVSS0.25374EPSS
Exploits0References2
Prion
Prion
added 2023/07/13 1:15 a.m.38 views

Authentication flaw

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

7.5CVSS9.5AI score0.44715EPSS
Exploits2References3Affected Software2
Prion
Prion
added 2023/07/13 1:15 a.m.21 views

Design/Logic Flaw

Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

6.5CVSS8.8AI score0.00759EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2023/07/13 1:15 a.m.21 views

Hardcoded credentials

Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

7.5CVSS9.4AI score0.00707EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2023/07/13 1:15 a.m.31 views

Command injection

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics:...

6.5CVSS9.5AI score0.86469EPSS
Exploits1References3Affected Software2
Prion
Prion
added 2023/07/13 1:15 a.m.18 views

Path traversal

Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

4CVSS7AI score0.25374EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder