Limited Black Friday Offer:

SonicWall GMS and Analytics Web Services - Shell Injection CVE-2023-34124 Scanner

There is a shell injection vulnerability found on SonicWall GMS and Analytics Web Services. Unauthenticated users can run codes on the webservice.

Short Info

Level

Critical

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

SonicWall GMS and Analytics Web Services - Shell Injection CVE-2023-34124 Scanner Detail

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

http://packetstormsecurity.com/files/174571/Sonicwall-GMS-9.9.9320-Remote-Code-Execution.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010
https://www.sonicwall.com/support/notices/230710150218060