CVE-2023-34133
Published 2023-07-13
Priority: P1 · 82 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 77.03% (99.5th percentile)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | analytics | <= 2.5.0.4-r7 | — |
| sonicwall | analytics | — | — |
| sonicwall | global_management_system | < 9.3.2 | 9.3.2 |
| sonicwall | global_management_system | — | — |
| sonicwall | gms | — | — |
| sonicwall | gms | — | — |
Detection & IOCs (extracted from sources)
url: /ws/msw/tenant/
command: ' union select (select ID from SGMSDB.DOMAINS), '', '', '', '', '', (select MD5({{num}})),'', '', '
- The SQL injection payload targets the /ws/msw/tenant/ endpoint with a UNION-based injection against the SGMSDB.DOMAINS table. Detect unauthenticated GET requests to this path containing UNION SELECT or MD5 SQL keywords in the URL.
- The vulnerability is exploitable unauthenticated and is chained with auth bypass and shell injection (CVE-2023-34124) to achieve RCE on SonicWall GMS <= 9.9.9320. Correlate exploitation attempts across these CVEs.
- The SQL injection response can be matched by checking the HTTP response body for the MD5 hash of the injected numeric value (999999999), confirming successful UNION-based data extraction.
- Affected versions are GMS 9.3.2-SP1 and earlier, and Analytics 2.5.0.4-R7 and earlier. The Metasploit module targets GMS versions <= 9.9.9320, suggesting a broader version range may be exploitable in chained attack scenarios.
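
A minimal version of the request-side check described above, as an added example (not from the original page or from any vendor or project rule): it flags access-log requests to /ws/msw/tenant/ whose fully decoded URL contains UNION SELECT or MD5( keywords. The combined access-log format, the sample lines and all function names are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Path named in the page's IOC list.
TENANT_PATH = "/ws/msw/tenant/"
# Keywords the page says to look for; \W+ also covers comment or newline padding.
SQLI_RE = re.compile(r"\bunion\W+(?:all\W+)?select\b|\bmd5\s*\(", re.I)
# Request portion of a common/combined access-log line (assumed log format).
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def decode_fully(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded keywords are still visible."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target

def inspect_line(line):
    """Return a finding dict for a suspicious tenant-endpoint request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = decode_fully(m["target"])
    if TENANT_PATH not in target.lower():
        return None          # keyword matches on other paths are out of scope here
    hit = SQLI_RE.search(target)
    if not hit:
        return None          # ordinary tenant lookup
    return {"src": m["src"], "method": m["method"], "status": int(m["status"]),
            "authenticated": m["user"] != "-", "keyword": hit.group(0).lower()}

def scan(lines):
    """Collect findings for every line that matches."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample lines, not real traffic (documentation address ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [16/Nov/2023:10:02:11 +0000] "GET /ws/msw/tenant/x%27%20UNION%20SELECT%201 HTTP/1.1" 200 412',
    '192.0.2.44 - - [16/Nov/2023:10:02:15 +0000] "GET /ws/msw/tenant/x%2527%2520union%2520select%25201 HTTP/1.1" 500 98',
    '192.0.2.10 - admin [16/Nov/2023:10:03:00 +0000] "GET /ws/msw/tenant/acme HTTP/1.1" 200 230',
    '192.0.2.10 - - [16/Nov/2023:10:03:05 +0000] "GET /search?q=union+select HTTP/1.1" 200 51',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Findings with `authenticated` false and a 200 status are the ones to triage first, since the page describes the issue as exploitable without authentication.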
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck · 7.5 HIGH
GHSA
GHSA-gj6c-q4g4-xwj5
ghsa_unreviewed · 2023-07-13
CVE-2023-34133 [HIGH] CWE-89
VulnCheck
SonicWall analytics Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2023·CVSS 7.5
Affected: SonicWall analytics
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-16&host_type=src&vulnerability=cve-2023-34133; https://dashboard.
SonicWall
vendor_sonicwall·2023-07-13·CVSS 7.5
No detection rules found.
Nuclei
SonicWall GMS and Analytics - SQL Injection
nuclei·CVSS 7.5
Template:
```yaml
id: CVE-2023-34133
info:
  name: SonicWall GMS and Analytics - SQL Injection
  author: theamanrawat
  severity: high
  description: |
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; An
```
Metasploit
Sonicwall
metasploit
This module exploits a series of vulnerabilities - including auth bypass, SQL injection, and shell injection - to obtain remote code execution on SonicWall GMS versions <= 9.9.9320.
- http://packetstormsecurity.com/files/174571/Sonicwall-GMS-9.9.9320-Remote-Code-Execution.html
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010
- https://www.sonicwall.com/support/notices/230710150218060