#VU78337 Path traversal in SonicWall GMS and SonicWall Analytics - CVE-2023-34129 

 


Published: July 18, 2023 / Updated: August 22, 2023


Vulnerability identifier: #VU78337
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-34129
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
SonicWall GMS
SonicWall Analytics
Software vendor:
SonicWall

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences. A remote user can use the Zip Slip method to extract arbitrary files to any location on the underlying filesystem with root privileges.


Remediation

Install the update from the vendor's website.
