Lucene search

PRIOn knowledge basePRION:CVE-2023-34127

HistoryJul 13, 2023 - 1:15 a.m.

Command injection

2023-07-1301:15:00

PRIOn knowledge base

www.prio-n.com

sonicwall

gms

analytics

command injection

vulnerability

version 9.3.2-sp1

2.5.0.4-r7

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.7%

JSON

Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

CPENameOperatorVersion
analyticseq<= 2.5.0.4-r7
global_management_systemlt9.3.2
global_management_systemeq9.3.2 sp1
global_management_systemeq9.3.2

Name	Operator	Version
analytics	eq	<= 2.5.0.4-r7
global_management_system	lt	9.3.2
global_management_system	eq	9.3.2 sp1
global_management_system	eq	9.3.2

References

packetstormsecurity.com/files/174571/Sonicwall-GMS-9.9.9320-Remote-Code-Execution.html

psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010

www.sonicwall.com/support/notices/230710150218060