First published: Thu Jul 13 2023
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Credit: PSIRT@sonicwall.com
Affected Software | Affected Version | How to fix |
---|---|---|
SonicWall Analytics | <=2.5.0.4-r7 | |
SonicWALL Global Management System | <9.3.2 | |
SonicWALL Global Management System | =9.3.2 | |
SonicWALL Global Management System | =9.3.2-sp1 | |
The severity of CVE-2023-34124 is critical with a severity value of 9.
SonicWall GMS versions 9.3.2-SP1 and earlier, and Analytics versions 2.5.0.4-R7 and earlier are affected by CVE-2023-34124.
CVE-2023-34124 allows for authentication bypass in SonicWall GMS and Analytics Web Services.
To fix CVE-2023-34124, update SonicWall GMS to version 9.3.2-SP2 or later, and Analytics to version 2.5.0.5 or later.
More information about CVE-2023-34124 can be found at the following references: [link 1](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010), [link 2](https://www.sonicwall.com/support/notices/230710150218060), [link 3](http://packetstormsecurity.com/files/174571/Sonicwall-GMS-9.9.9320-Remote-Code-Execution.html).