What is CVE-2023-34124?

CVE-2023-34124 is a vulnerability in Sonicwall Analytics, classified under Authentication Bypass by Primary Weakness. Published 2023-07-13.

Is CVE-2023-34124 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Sonicwall Analytics

CVE-2023-34124

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

EPSS: 0.913 (99.7th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Analytics — versions 2.5.0.4-R7 and earlier versions
Sonicwall Gms — versions 9.3.2-SP1 and earlier versions

Weakness classification (CWE)

CWE-305 — Authentication Bypass by Primary Weakness

Public proof-of-concept exploits

rapid7/metasploit-framework
getdrive/PoC

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010 (vendor-advisory)
www.sonicwall.com/support/notices/230710150218060 (related)
packetstormsecurity.com/files/174571/Sonicwall-GMS-9.9.9320-Remote-Code-Executi…

Frequently asked questions

What is CVE-2023-34124?: CVE-2023-34124 is a vulnerability in Sonicwall Analytics, classified under Authentication Bypass by Primary Weakness. Published 2023-07-13.
Is CVE-2023-34124 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.