Exploitation Summary
CVE-2023-34133 has been observed being exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Nuclei Templates (1)
SonicWall GMS and Analytics - SQL Injection
HIGH, by theamanrawat
Shodan:
http.favicon.hash:"-1381126564"
FOFA:
icon_hash="-1381126564"
References (3)
Core References
Vendor Advisory vendor-advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010
Vendor Advisory related
https://www.sonicwall.com/support/notices/230710150218060
Exploit, Third Party Advisory
http://packetstormsecurity.com/files/174571/Sonicwall-GMS-9.9.9320-Remote-Code-Execution.html
Scores
CVSS v3: 7.5
EPSS: 0.7703
EPSS Percentile: 99.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
VulnCheck KEV: 2023-11-16
CWE: CWE-89
Status: published
Products (3)
sonicwall/analytics: < 2.5.0.4-r7
sonicwall/global_management_system: 9.3.2 (2 CPE variants)
sonicwall/global_management_system: < 9.3.2
Published: Jul 13, 2023
Tracked Since: Feb 18, 2026