CVE-2023-34129
N/A
N/A
Summary
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SonicWall | GMS | 9.3.2-SP1 and earlier versions | affected |
| SonicWall | Analytics | 2.5.0.4-R7 and earlier versions | affected |
Weaknesses
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CVE Program Container
Additional References
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010
- https://www.sonicwall.com/support/notices/230710150218060
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010
- https://www.sonicwall.com/support/notices/230710150218060
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.