CVE-2023-34128

CRITICAL

SonicWall GMS <9.3.2-SP1 & Analytics <2.5.0.4-R7 - Info Disclosure

Title source: llm

Description

Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

References (2)

[Vendor Advisory] https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010

[Vendor Advisory] https://www.sonicwall.com/support/notices/230710150218060

Scores

CVSS v3 9.8

EPSS 0.0021

EPSS Percentile 43.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-260 CWE-522

Status published

Affected Products (4)

sonicwall/analytics < 2.5.0.4-r7

sonicwall/global_management_system < 9.3.2

sonicwall/global_management_system

Timeline

Published Jul 13, 2023

Tracked Since Feb 18, 2026