CVE-2023-34134
published 2023-07-13CVE-2023-34134: Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator…
PriorityP336medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
1.17%
63.5th percentile
Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service call. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | analytics | <= 2.5.0.4-r7 | — |
| sonicwall | analytics | — | — |
| sonicwall | global_management_system | < 9.3.2 | 9.3.2 |
| sonicwall | global_management_system | — | — |
| sonicwall | gms | — | — |
| sonicwall | gms | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
SonicWall
CVE-2023-34134: Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administ
vendor_sonicwall·2023-07-13·CVSS 6.5
CVE-2023-34134 [MEDIUM] CWE-200 CVE-2023-34134: Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administ
CVE-2023-34134: Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service call. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
GHSA
GHSA-2qh4-v69r-w9m5: Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administ
ghsa_unreviewed·2023-07-13
CVE-2023-34134 [MEDIUM] CWE-200 GHSA-2qh4-v69r-w9m5: Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administ
Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service call. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-07-13
Published