← Back to CVEs
CVE-2023-34127
HIGH8.8
Description
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
CVE Details
CVSS v3.1 Score8.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published7/13/2023
Last Modified4/23/2025
Sourcenvd
Honeypot Sightings0
Affected Products
sonicwall:analyticssonicwall:global_management_system
Weaknesses (CWE)
CWE-78CWE-78
References
http://packetstormsecurity.com/files/174571/Sonicwall-GMS-9.9.9320-Remote-Code-Execution.html(PSIRT@sonicwall.com)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010(PSIRT@sonicwall.com)
https://www.sonicwall.com/support/notices/230710150218060(PSIRT@sonicwall.com)
http://packetstormsecurity.com/files/174571/Sonicwall-GMS-9.9.9320-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010(af854a3a-2127-422b-91ae-364da2661108)
https://www.sonicwall.com/support/notices/230710150218060(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.