Main Vulnerability Database Exploits ID:9305 - Exploit for Use of Password Hash Instead of Password for Authentication in SonicWall GMS and SonicWall Analytics - CVE-2023-34132

ID:9305 - Exploit for Use of Password Hash Instead of Password for Authentication in SonicWall GMS and SonicWall Analytics - CVE-2023-34132

Published: September 8, 2023

Vulnerability identifier: #VU78340

Vulnerability risk: Medium

CVE-ID: CVE-2023-34132

CWE-ID: CWE-836

Exploitation vector: Remote access

Vulnerable software:
SonicWall GMS
SonicWall Analytics

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/multi/http/sonicwall_shell_injection_cve_2023_34124

Vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to use of password hash instead of password for authentication. A remote attacker can gain access to sensitive information on the system.

Remediation

Install updates from vendor's website.

ID:9305 - Exploit for Use of Password Hash Instead of Password for Authentication in SonicWall GMS and SonicWall Analytics - CVE-2023-34132

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human