CVE-2023-34135

Name of the Vulnerable Software and Affected Versions SonicWall GMS versions 9.3.2-SP1 and earlier SonicWall Analytics versions 2.5.0.4-R7 and earlier

Description The issue is related to a Path Traversal vulnerability that allows a remote authenticated attacker to read arbitrary files from the underlying file system via a web service. This is due to incorrect restriction of directory path names.

Recommendations For SonicWall GMS versions 9.3.2-SP1 and earlier, update to a version later than 9.3.2-SP1 to resolve the issue. For SonicWall Analytics versions 2.5.0.4-R7 and earlier, update to a version later than 2.5.0.4-R7 to resolve the issue. As a temporary workaround, consider restricting access to the web service to minimize the risk of exploitation.