CVE-2023-34124
UNKNOWN
Published 2023-07-13T00:14:16.861Z
Actions:
CVSS Score
V3.1
9.8
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A
Impact: N/A
EPSS Score
v2023.03.01
0.093
probability
of exploitation in the wild
There is a 9.3% chance that this vulnerability will be exploited in the wild within the next 30 days.
Updated: 2025-01-25
Exploit Probability
Percentile: 0.947
Higher than 94.7% of all CVEs
Attack Vector Metrics
Impact Metrics
Description
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Available Exploits
SonicWall GMS and Analytics Web Services - Shell Injection
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions
ID: CVE-2023-34124
Author: iamnoooobrootxharshpdresearch
Critical
References:
- https://raw.githubusercontent.com/rapid7/metasploit-framework/4b130f5be7590d04878f3bda37555e59e733324d/modules/exploits/multi/http/sonicwall_shell_injection_cve_2023_34124.rb
- https://attackerkb.com/topics/Vof5fWs4rx/cve-2023-34127/rapid7-analysis
- https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/
- https://github.com/getdrive/PoC/blob/main/2023/Sonicwall_Shell_Injection/sonicwall_shell_injection_cve_2023_34124.rb
- https://nvd.nist.gov/vuln/detail/CVE-2023-34124
Related News
No news articles found for this CVE.
Affected Products
Affected Versions:
Affected Versions:
References
Published: 2023-07-13T00:14:16.861Z
Last Modified: 2025-04-08T15:23:32.589Z
Copied to clipboard!