What is CVE-2023-34129?

CVE-2023-34129 is a vulnerability in Sonicwall Analytics, classified under Path Traversal. Published 2023-07-13.

Is CVE-2023-34129 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Sonicwall Analytics

CVE-2023-34129

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.314 (96.9th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Analytics — versions 2.5.0.4-R7 and earlier versions
Sonicwall Gms — versions 9.3.2-SP1 and earlier versions

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010 (vendor-advisory)
www.sonicwall.com/support/notices/230710150218060 (related)

Frequently asked questions

What is CVE-2023-34129?: CVE-2023-34129 is a vulnerability in Sonicwall Analytics, classified under Path Traversal. Published 2023-07-13.
Is CVE-2023-34129 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.