Lucene search

[email protected]NVD:CVE-2023-34126

HistoryJul 13, 2023 - 1:15 a.m.

CVE-2023-34126

2023-07-1301:15:08

CWE-434

[email protected]

web.nvd.nist.gov

sonicwall

gms

analytics

authenticated

upload

root privileges

filesystem

cve-2023-34126

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

25.0%

JSON

Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Affected configurations

NVD

Node

sonicwallanalyticsRange≤2.5.0.4-r7

sonicwallglobal_management_systemRange<9.3.2

sonicwallglobal_management_systemMatch9.3.2-

sonicwallglobal_management_systemMatch9.3.2sp1

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010

www.sonicwall.com/support/notices/230710150218060

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

25.0%

JSON

Related for NVD:CVE-2023-34126

prion1 cve1 cvelist1 attackerkb1