CVSS: 9.0EPSS: 90%CPEs: 4EXPL: 1CVE-2023-34127 – Sonicwall GMS 9.9.9320 Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-34127
13 Jul 2023 — Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. • https://packetstorm.news/files/id/174571 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-34126
https://notcve.org/view.php?id=CVE-2023-34126
13 Jul 2023 — Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.8EPSS: 13%CPEs: 4EXPL: 0CVE-2023-34125
https://notcve.org/view.php?id=CVE-2023-34125
13 Jul 2023 — Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-27: Path Traversal: 'dir/../../filename' •
CVSS: 10.0EPSS: 91%CPEs: 4EXPL: 1CVE-2023-34124 – SonicWALL GMS Virtual Appliance HttpDigestAuthenticator Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-34124
13 Jul 2023 — The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. This vulnerability allows remote attackers to bypass authentication on affected installations of SonicWALL GMS Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpDigestAuthenticator class. The issue results from ... • https://packetstorm.news/files/id/174571 • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-34123
https://notcve.org/view.php?id=CVE-2023-34123
12 Jul 2023 — Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010 • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-20032
https://notcve.org/view.php?id=CVE-2021-20032
10 Aug 2021 — SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. This vulnerability impacts Analytics On-Prem 2.5.2518 and earlier. SonicWall Analytics versión 2.5 On-Prem es vulnerable a la vulnerabilidad de seguridad de la interfaz Java Debug Wire Protocol (JDWP) que potencialmente conlleva a una Ejecución de Código Remota. Esta vulnerabilidad afecta a Analytics On-Prem versiones 2.5.2518 y ... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0018 • CWE-16: Configuration •