
Sonicwall Global Management System vulnerabilities

31 known vulnerabilities affecting sonicwall/global_management_system.

Total CVEs: 31
CISA KEV: 0
Public exploits: 8
Exploited in wild: 3
Severity breakdown: CRITICAL 16, HIGH 7, MEDIUM 7, LOW 1

Vulnerabilities

Page 1 of 2
CVE-2023-34124 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | fixed in 9.3.2 | v9.3.2 | 2023-07-13
CVE-2023-34124 [CRITICAL] CWE-305: The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
nvd
CVE-2023-34133 | P1 | HIGH | CVSS 7.5 | Exploited | PoC | fixed in 9.3.2 | v9.3.2 | 2023-07-13
CVE-2023-34133 [HIGH] CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
nvd
CVE-2018-9866 | P1 | CRITICAL | CVSS 9.8 | Exploited | ≤ 8.1 | v8.1 and earlier | 2018-08-03
CVE-2018-9866 [CRITICAL] CWE-77: A vulnerability in lack of validation of user-supplied parameters passed to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliances allows a remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier.
nvd
CVE-2013-1359 | P1 | CRITICAL | CVSS 9.8 | PoC | v4.1 | v5.0 | +3 more | 2020-02-11
CVE-2013-1359 [CRITICAL] CWE-287: An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain acc
nvd
CVE-2023-34127 | P1 | HIGH | CVSS 8.8 | PoC | fixed in 9.3.2 | v9.3.2 | 2023-07-13
CVE-2023-34127 [HIGH] CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
nvd
CVE-2013-1360 | P1 | CRITICAL | CVSS 9.8 | PoC | v4.1 | v5.0 | +3 more | 2020-02-11
CVE-2013-1360 [CRITICAL] CWE-287: An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.
nvd
CVE-2023-34132 | P2 | CRITICAL | CVSS 9.8 | PoC | fixed in 9.3.2 | v9.3.2 | 2023-07-13
CVE-2023-34132 [CRITICAL] CWE-836: Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
nvd
CVE-2014-8420 | P2 | CRITICAL | CVSS 9.0 | PoC | v7.2 | 2014-11-25
CVE-2014-8420 [CRITICAL] CWE-20: The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors.
nvd
CVE-2023-34129 | P2 | HIGH | CVSS 8.8 | fixed in 9.3.2 | v9.3.2 | 2023-07-13
CVE-2023-34129 [HIGH] CWE-22: Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier v
nvd
CVE-2021-20020 | P2 | CRITICAL | CVSS 9.8 | v9.3 | v9.3 and earlier | 2021-04-10
CVE-2021-20020 [CRITICAL] CWE-287: A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
nvd
CVE-2022-22280 | P2 | CRITICAL | CVSS 9.8 | fixed in 9.3.1 | v9.3.1 | 2022-07-29
CVE-2022-22280 [CRITICAL] CWE-89: Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions.
nvd
CVE-2019-7478 | P2 | CRITICAL | CVSS 9.8 | v8.4 | v8.5 | +4 more | 2019-12-31
CVE-2019-7478 [CRITICAL] CWE-89: A vulnerability in GMS allows an unauthenticated user to perform SQL injection in the Webservice module. This vulnerability affected GMS versions 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1.
nvd
CVE-2016-2397 | P2 | CRITICAL | CVSS 9.8 | v7.2 | v8.0 | +1 more | 2016-02-17
CVE-2016-2397 [CRITICAL] CWE-77: The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data.
nvd
CVE-2016-2396 | P3 | CRITICAL | CVSS 9.9 | v7.2 | v8.0 | +1 more | 2016-02-17
CVE-2016-2396 [CRITICAL] CWE-77: The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.
nvd
CVE-2023-34136 | P3 | CRITICAL | CVSS 9.8 | fixed in 9.3.2 | v9.3.2 | 2023-07-13
CVE-2023-34136 [CRITICAL] CWE-434: Vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to upload files to a restricted location not controlled by the attacker. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
nvd
CVE-2023-34137 | P3 | CRITICAL | CVSS 9.8 | fixed in 9.3.2 | v9.3.2 | 2023-07-13
CVE-2023-34137 [CRITICAL] CWE-305: SonicWall GMS and Analytics CAS Web Services application uses static values for authentication without proper checks, leading to an authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
nvd
CVE-2023-34128 | P3 | CRITICAL | CVSS 9.8 | fixed in 9.3.2 | v9.3.2 | 2023-07-13
CVE-2023-34128 [CRITICAL] CWE-260: Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
nvd
CVE-2023-34125 | P3 | MEDIUM | CVSS 6.5 | fixed in 9.3.2 | v9.3.2 | 2023-07-13
CVE-2023-34125 [MEDIUM] CWE-27: Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
nvd
CVE-2023-34126 | P3 | HIGH | CVSS 8.8 | fixed in 9.3.2 | v9.3.2 | 2023-07-13
CVE-2023-34126 [HIGH] CWE-434: Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
nvd
CVE-2015-3990 | P3 | CRITICAL | CVSS 9.0 | ≤ 7.2 | 2015-05-20
CVE-2015-3990 [CRITICAL] CWE-19: The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration.
nvd