Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
References
Configurations
Configuration 1 (hide)
|
History
08 Sep 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Jul 2023, 14:30
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.sonicwall.com/support/notices/230710150218060 - Vendor Advisory | |
References | (MISC) https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010 - Vendor Advisory | |
CPE | cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1:*:*:*:*:*:* cpe:2.3:a:sonicwall:analytics:*:*:*:*:*:*:*:* cpe:2.3:a:sonicwall:global_management_system:9.3.2:-:*:*:*:*:*:* cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CWE | CWE-78 | |
First Time |
Sonicwall global Management System
Sonicwall analytics Sonicwall |
13 Jul 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-13 01:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-34127
Mitre link : CVE-2023-34127
CVE.ORG link : CVE-2023-34127
JSON object : View
Products Affected
sonicwall
- analytics
- global_management_system
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')