Lucene search
HistoryJul 13, 2023 - 1:15 a.m.
CVE-2023-34125
cve-2023-34125
path traversal
gms
analytics
authenticated attacker
arbitrary files
root privileges
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
29.9%
Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Affected configurations
Node
sonicwallanalyticsRange≤2.5.0.4-r7
ORsonicwallglobal_management_systemRange<9.3.2
ORsonicwallglobal_management_systemMatch9.3.2-
ORsonicwallglobal_management_systemMatch9.3.2sp1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sonicwall | analytics | * | cpe:2.3:a:sonicwall:analytics:*:*:*:*:*:*:*:* |
| sonicwall | global_management_system | * | cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:* |
| sonicwall | global_management_system | 9.3.2 | cpe:2.3:a:sonicwall:global_management_system:9.3.2:-:*:*:*:*:*:* |
| sonicwall | global_management_system | 9.3.2 | cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1:*:*:*:*:*:* |
Related
cve
cve
CVE-2023-34125
2023-07-13 01:15:08
cvelist
cvelist
CVE-2023-34125
2023-07-13 00:21:21
prion
prion
Path traversal
2023-07-13 01:15:00
attackerkb
attackerkb
CVE-2023-34127
2023-08-21 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
29.9%
Related for NVD:CVE-2023-34125