Vulnerability in Sonicwall Analytics

CVE-2023-34130

SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.001 (34.9th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Analytics — versions 2.5.0.4-R7 and earlier versions
Sonicwall Gms — versions 9.3.2-SP1 and earlier versions

Weakness classification (CWE)

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010 (vendor-advisory)
www.sonicwall.com/support/notices/230710150218060 (related)