SonicWall GMS & Analytics < 9.3.2-SP1/2.5.0.4-R7: Auth Read Admin PW Hash via WS
CVE-2023-34134 Published on July 13, 2023
Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service call. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2023-34134 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2023-34134
stack.watch emails you whenever new vulnerabilities are published in SonicWall Global Management System or SonicWall Analytics. Just hit a watch button to start following.
Affected Versions
SonicWall GMS:- Version 9.3.2-SP1 and earlier versions is affected.
- Version 2.5.0.4-R7 and earlier versions is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.