CVE-2023-34126

Name of the Vulnerable Software and Affected Versions SonicWall GMS versions 9.3.2-SP1 and earlier SonicWall Analytics versions 2.5.0.4-R7 and earlier

Description The issue is related to a lack of restrictions on file uploads in SonicWall Analytics and SonicWall Global Management System (GMS), allowing a remote attacker to upload files to the underlying filesystem with root privileges. This can be exploited by an authenticated attacker.

Recommendations For SonicWall GMS versions 9.3.2-SP1 and earlier, update to a version later than 9.3.2-SP1 to resolve the issue. For SonicWall Analytics versions 2.5.0.4-R7 and earlier, update to a version later than 2.5.0.4-R7 to resolve the issue. As a temporary workaround, consider restricting file upload capabilities to minimize the risk of exploitation.