17 matches found
CVE-2023-34124
CVE-2023-34124 affects SonicWall Global Management System (GMS) and Analytics Web Services. The root cause is insufficient authentication checks that allow bypass, impacting GMS versions 9.3.2-SP1 and earlier and Analytics versions 2.5.0.4-R7 and earlier. The issue enables unauthorized access; multiple co...
CVE-2023-34133
CVE-2023-34133 is an SQL Injection affecting SonicWall GMS and Analytics (GMS 9.3.2-SP1 and earlier; Analytics 2.5.0.4-R7 and earlier). An unauthenticated attacker can extract data from the application database. Public materials reference SQLi in SonicWall GMS/Analytics and mention updated fixes;...
CVE-2023-34123
CVE-2023-34123 describes a hard-coded cryptographic key vulnerability in SonicWall GMS (versions up to 9.3.2-SP1) and SonicWall Analytics (up to 2.5.0.4-R7). The connected PT-Security advisory notes the issue and recommends upgrading to fixed builds; the THN and NCSC/NV references indicate fixes exis...
CVE-2023-34127
CVE-2023-34127 describes an OS Command Injection in SonicWall GMS and SonicWall Analytics. An authenticated attacker can execute arbitrary code with root privileges. Affected products/versions: SonicWall GMS 9.3.2-SP1 and earlier; SonicWall Analytics 2.5.0.4-R7 and earlier. The available descript...
CVE-2023-34137
CVE-2023-34137 concerns an authentication bypass in SonicWall GMS and Analytics due to CAS Web Services using static credentials. Affected: GMS 9.3.2-SP1 and earlier; Analytics 2.5.0.4-R7 and earlier. Consequence: unauthorized access to data/operations via CAS authentication bypass. Mitigation: f...
CVE-2023-34132
CVE-2023-34132 concerns SonicWall GMS and Analytics where authentication uses a password hash instead of the actual password, enabling Pass-the-Hash style attacks. Affected: GMS versions 9.3.2-SP1 and earlier; Analytics versions 2.5.0.4-R7 and earlier. The underlying issue is password-hash based ...
CVE-2023-34134
CVE-2023-34134 affects SonicWall GMS (9.3.2-SP1 and earlier) and Analytics (2.5.0.4-R7 and earlier): an authenticated attacker could read the administrator password hash via a web service call. Root cause is exposure of sensitive information. Remediation: update to SonicWall GMS 9.3.3 and Analyti...
CVE-2023-34130
CVE-2023-34130 affects SonicWall GMS (versions 9.3.2-SP1 and earlier) and SonicWall Analytics (versions 2.5.0.4-R7 and earlier). The root cause is use of an outdated encryption algorithm (TEA) with a hardcoded key to encrypt sensitive data, per the CVE description. The NVD metrics indicate a CRIT...
CVE-2023-34131
The PT-2023-3806 entry confirms SonicWall GMS versions 9.3.2-SP1 and earlier and Analytics 2.5.0.4-R7 and earlier have an exposure vulnerability that allows an unauthenticated attacker to access restricted web pages due to lack of protection for service data. Remediation: upgrade to newer fixed v...
CVE-2023-34135
Summary: CVE-2023-34135 covers a path traversal vulnerability in SonicWall GMS and Analytics. Affected products/versions: SonicWall GMS 9.3.2-SP1 and earlier; Analytics 2.5.0.4-R7 and earlier. Root cause: insufficient restriction of directory path names in the web service, enabling a ...
CVE-2023-34128
The CVE maps to SonicWall GMS and Analytics where Tomcat credentials are hardcoded in the GMS/Analytics configuration file. Affected versions are SonicWall GMS 9.3.2-SP1 and earlier, and Analytics 2.5.0.4-R7 and earlier. Root cause: hardcoded Tomcat credentials in the configuration file, which ca...
CVE-2023-34136
SonicWall GMS and Analytics are affected by a file-upload restriction vulnerability. Affected: GMS 9.3.2-SP1 and earlier; Analytics 2.5.0.4-R7 and earlier. Root cause: unauthenticated uploads to restricted locations due to insufficient restrictions. Impact (per sources): potential exposure of dat...
CVE-2023-34129
CVE-2023-34129 describes a Zip Slip path traversal in SonicWall GMS and Analytics. An authenticated attacker can traverse the filesystem and write arbitrary files via the Web Service, potentially achieving root-level impact. Affected versions: SonicWall GMS 9.3.2-SP1 and earlier; Analytics 2.5.0....
CVE-2023-34126
CVE-2023-34126 describes a vulnerability in SonicWall GMS and Analytics where an authenticated attacker can upload files to the underlying filesystem with root privileges. Root cause: insufficient restrictions on uploaded files. Affected versions are SonicWall GMS 9.3.2-SP1 and earlier, and Analy...
CVE-2023-34125
CVE-2023-34125 describes a path traversal vulnerability in SonicWall’s Global Management System (GMS) and Analytics. An authenticated attacker could read arbitrary files from the underlying filesystem with root privileges by exploiting directory-path restrictions. Affected versions include SonicW...
CVE-2022-22280
The CVE-2022-22280 issue is an unauthenticated SQL injection in SonicWall Analytics On-Prem (versions up to 2.5.0.3-2520) and GMS (up to 9.3.1-SP2-Hotfix1), caused by improper neutralization of special elements in SQL commands. The vulnerability can be exploited remotely over the network without ...
CVE-2021-20032
CVE-2021-20032 affects SonicWall Analytics 2.5 On-Prem (versions 2.5.2518 and earlier). The vulnerability stems from a security misconfiguration of the Java Debug Wire Protocol (JDWP) interface, enabling potential remote code execution. Multiple sources (NVD, Red Hat, CVE listings, SonicWal...