CVE-2023-34137

CRITICAL

SonicWall GMS <9.3.2-SP1 & Analytics <2.5.0.4-R7 - Auth Bypass

Title source: llm

Description

SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

References (2)

[Vendor Advisory] https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010

[Vendor Advisory] https://www.sonicwall.com/support/notices/230710150218060

Scores

CVSS v3 9.8

EPSS 0.0008

EPSS Percentile 22.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-305 CWE-287

Status published

Products (3)

sonicwall/analytics < 2.5.0.4-r7

sonicwall/global_management_system 9.3.2 (2 CPE variants)

sonicwall/global_management_system < 9.3.2

Published Jul 13, 2023

Tracked Since Feb 18, 2026