CVSS: 9.0EPSS: 91%CPEs: 4EXPL: 1CVE-2023-34127 – Sonicwall GMS 9.9.9320 Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-34127
13 Jul 2023 — Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. • https://packetstorm.news/files/id/174571 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-34126
https://notcve.org/view.php?id=CVE-2023-34126
13 Jul 2023 — Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-34125
https://notcve.org/view.php?id=CVE-2023-34125
13 Jul 2023 — Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-27: Path Traversal: 'dir/../../filename' •
CVSS: 10.0EPSS: 62%CPEs: 4EXPL: 1CVE-2023-34124 – SonicWALL GMS Virtual Appliance HttpDigestAuthenticator Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-34124
13 Jul 2023 — The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. This vulnerability allows remote attackers to bypass authentication on affected installations of SonicWALL GMS Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpDigestAuthenticator class. The issue results from ... • https://packetstorm.news/files/id/174571 • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-34123
https://notcve.org/view.php?id=CVE-2023-34123
12 Jul 2023 — Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010 • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20030
https://notcve.org/view.php?id=CVE-2021-20030
13 Oct 2022 — SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files. SonicWall GMS es vulnerable a la manipulación de rutas de archivos, lo que hace que un atacante no autenticado pueda acceder al directorio web que contiene los archivos binarios y de configuración de la aplicación • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0021 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 3%CPEs: 3EXPL: 0CVE-2022-22280
https://notcve.org/view.php?id=CVE-2022-22280
29 Jul 2022 — Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions. Una Neutralización Inadecuada de Elementos Especiales usados en un Comando SQL conllevando a una vulnerabilidad de inyección SQL no autenticada, que afecta a SonicWall GMS versión 9.3.1-SP2-Hotfix1, Analytics On-Prem versiones 2.5.0.3-2520 y anteriores • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2021-20020
https://notcve.org/view.php?id=CVE-2021-20020
10 Apr 2021 — A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. Una vulnerabilidad de ejecución de comandos en SonicWall GMS versión 9.3, permite a un atacante remoto no autenticado escalar localmente privilegios a root • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0009 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 89%CPEs: 12EXPL: 6CVE-2013-1359 – SonicWALL Gms 6 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2013-1359
11 Feb 2020 — An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account. Se presenta una Vulnerabilidad de Omisión de Autenticación en DELL SonicWALL Analyzer versión 7.0, Global Management System (GMS) versio... • https://www.exploit-db.com/exploits/24322 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 57%CPEs: 12EXPL: 2CVE-2013-1360 – SonicWALL GMS/Viewpoint/Analyzer - Authentication Bypass
https://notcve.org/view.php?id=CVE-2013-1360
11 Feb 2020 — An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access. Se presenta una vulnerabilidad de Omisión de Autenticación en DELL SonicWALL Global Management System (GMS) versiones 4.1, 5.0, 5.1, 6.0 y 7.0, Analyzer versión 7.0, Univer... • https://www.exploit-db.com/exploits/24203 • CWE-287: Improper Authentication •