CVE-2023-34134

Name of the Vulnerable Software and Affected Versions SonicWall GMS versions 9.3.2-SP1 and earlier SonicWall Analytics versions 2.5.0.4-R7 and earlier

Description The issue allows an authenticated attacker to read the administrator password hash via a web service call, due to exposure of sensitive information. This can be exploited by a remote attacker.

Recommendations For SonicWall GMS versions 9.3.2-SP1 and earlier, update to a version later than 9.3.2-SP1 to resolve the issue. For SonicWall Analytics versions 2.5.0.4-R7 and earlier, update to a version later than 2.5.0.4-R7 to resolve the issue. As a temporary workaround, consider restricting access to the web service call that allows reading the administrator password hash until a patch is available.