- Vulnerability/
- ZDI-CAN-20914
ZDI-CAN-20914: ZDI-23-1154: SonicWALL GMS Virtual Appliance Syslog Directory Traversal Remote Code Execution Vulnerability
First published: Mon Aug 21 2023(Updated: )
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SonicWALL GMS Virtual Appliance. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SonicWALL Global Management System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-CAN-20914?
ZDI-CAN-20914 has a high severity rating due to its potential for remote arbitrary code execution.
How can ZDI-CAN-20914 be exploited?
ZDI-CAN-20914 can be exploited by remote attackers who can bypass the existing authentication mechanism.
How do I fix ZDI-CAN-20914?
To fix ZDI-CAN-20914, apply the latest security patches provided by SonicWALL for the GMS Virtual Appliance.
What are the potential impacts of ZDI-CAN-20914?
The impacts of ZDI-CAN-20914 include the potential for unauthorized access and control over the affected SonicWALL GMS Virtual Appliance.
Is user authentication enough to protect against ZDI-CAN-20914?
No, user authentication alone is not sufficient to protect against ZDI-CAN-20914 as the authentication can be bypassed.
- collector/zdi-published
- alias/ZDI-CAN-20914
- agent/severity
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/title
- agent/references
- agent/type
- agent/description
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/sonicwall
- canonical/sonicwall global management system