CVE-2023-34135

MEDIUM

SonicWall GMS & Analytics <9.3.2-SP1 - Path Traversal

Title source: llm

Description

Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

References (2)

[Vendor Advisory] https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010

[Vendor Advisory] https://www.sonicwall.com/support/notices/230710150218060

Scores

CVSS v3 6.5

EPSS 0.0021

EPSS Percentile 43.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22 CWE-36

Status published

Products (3)

sonicwall/analytics < 2.5.0.4-r7

sonicwall/global_management_system 9.3.2 (2 CPE variants)

sonicwall/global_management_system < 9.3.2

Published Jul 13, 2023

Tracked Since Feb 18, 2026