CVE-2023-34127

2023-07-1301:15:08

CWE-78

[email protected]

web.nvd.nist.gov

sonicwall gms

analytics

os command injection

arbitrary code execution

cve-2023-34127

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

65.4%

JSON

Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Affected configurations

Nvd

Node

sonicwallanalyticsRange≤2.5.0.4-r7

sonicwallglobal_management_systemRange<9.3.2

sonicwallglobal_management_systemMatch9.3.2-

sonicwallglobal_management_systemMatch9.3.2sp1

VendorProductVersionCPE
sonicwallanalytics*cpe:2.3:a:sonicwall:analytics:*:*:*:*:*:*:*:*
sonicwallglobal_management_system*cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:*
sonicwallglobal_management_system9.3.2cpe:2.3:a:sonicwall:global_management_system:9.3.2:-:*:*:*:*:*:*
sonicwallglobal_management_system9.3.2cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
sonicwall	analytics	*	cpe:2.3:a:sonicwall:analytics::::::::
sonicwall	global_management_system	*	cpe:2.3:a:sonicwall:global_management_system::::::::
sonicwall	global_management_system	9.3.2	cpe:2.3:a:sonicwall:global_management_system:9.3.2:-::::::
sonicwall	global_management_system	9.3.2	cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1::::::