SonicWall GMS 9.3.2-SP1 & Analytics 2.5.0.4-R7 pre-auth bypass via static cred
CVE-2023-34137 Published on July 13, 2023
SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Weakness Type
Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Products Associated with CVE-2023-34137
stack.watch emails you whenever new vulnerabilities are published in SonicWall Global Management System or SonicWall Analytics. Just hit a watch button to start following.
Affected Versions
SonicWall GMS:- Version 9.3.2-SP1 and earlier versions is affected.
- Version 2.5.0.4-R7 and earlier versions is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.