CVE-2023-34124

CRITICAL EXPLOITED NUCLEI

SonicWall GMS <9.3.2-SP1 & Analytics <2.5.0.4-R7 - Auth Bypass

Title source: llm

Exploitation Summary

CVE-2023-34124 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including fulmetalpackets <[email protected]>, Ron Bowes <[email protected]>, including a Metasploit module exploits/multi/http/sonicwall_shell_injection_cve_2023_34124. A Nuclei detection template is also available.

AI-analyzed exploit summary This Metasploit module exploits multiple vulnerabilities (auth bypass, SQL injection, and shell injection) in SonicWall GMS versions <= 9.9.9320 to achieve remote code execution. It leverages CVE-2023-34133 (SQLi) and CVE-2023-34124 (auth bypass) to extract credentials and execute payloads.

Description

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Exploits (1)

metasploit WORKING POC EXCELLENT

by fulmetalpackets <[email protected]>, Ron Bowes <[email protected]> · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/sonicwall_shell_injection_cve_2023_34124.rb

View Code ZIP pw:eip

This Metasploit module exploits multiple vulnerabilities (auth bypass, SQL injection, and shell injection) in SonicWall GMS versions <= 9.9.9320 to achieve remote code execution. It leverages CVE-2023-34133 (SQLi) and CVE-2023-34124 (auth bypass) to extract credentials and execute payloads.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: SonicWall GMS <= 9.9.9320

No auth needed

Prerequisites: Network access to target · Vulnerable SonicWall GMS instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1078 - Valid Accounts

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

SonicWall GMS and Analytics Web Services - Shell Injection

CRITICALVERIFIEDby iamnoooob,rootxharsh,pdresearch

Shodan: http.favicon.hash:-1381126564

FOFA: icon_hash=-1381126564

References (3)

Core 3

Core References

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/174571/Sonicwall-GMS-9.9.9320-Remote-Code-Execution.html

Vendor Advisory vendor-advisory

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010

Vendor Advisory related

https://www.sonicwall.com/support/notices/230710150218060

Scores

CVSS v3 9.8

EPSS 0.4089

EPSS Percentile 98.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2025-10-17

CWE

CWE-305 CWE-287

Status published

Products (3)

sonicwall/analytics < 2.5.0.4-r7

sonicwall/global_management_system 9.3.2 (2 CPE variants)

sonicwall/global_management_system < 9.3.2

Published Jul 13, 2023

Tracked Since Feb 18, 2026