PT-2023-3808 · Sonicwall · Sonicwall Analytics+1

Published 2023-07-12 · Updated 2023-10-18 · CVE-2023-34129

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SonicWall GMS versions 9.3.2-SP1 and earlier
SonicWall Analytics versions 2.5.0.4-R7 and earlier

Description

The issue is due to improper limitation of a pathname to a restricted directory, allowing an authenticated remote attacker to traverse the directory and extract arbitrary files using the Zip Slip method to any location on the underlying filesystem with root privileges.

Recommendations

For SonicWall GMS versions 9.3.2-SP1 and earlier, update to a version later than 9.3.2-SP1 to resolve the issue. For SonicWall Analytics versions 2.5.0.4-R7 and earlier, update to a version later than 2.5.0.4-R7 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable directory to minimize the risk of exploitation.
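
The Zip Slip weakness class named in the description can be checked for before any archive is unpacked. The following is an added example, not SonicWall code or the vendor's fix: a generic pre-extraction audit that flags archive entries whose resolved path would land outside the intended directory. The function names, the destination path `/opt/app/uploads` and the sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import stat
import zipfile


def _inside(dest: str, name: str) -> bool:
    # Resolve "." and ".." lexically, then require the result to stay under dest.
    resolved = posixpath.normpath(posixpath.join(dest, name))
    return resolved == dest or resolved.startswith(dest.rstrip("/") + "/")


def audit_zip(data: bytes, dest: str = "/opt/app/uploads") -> list[tuple[str, str]]:
    """Return (entry name, reason) for each entry that is unsafe to extract under dest."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Treat backslashes as separators too, since some extractors do.
            name = info.filename.replace("\\", "/")
            mode = info.external_attr >> 16  # Unix mode bits, if the creator set them
            if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
                findings.append((info.filename, "absolute path"))
            elif not _inside(dest, name):
                findings.append((info.filename, "escapes destination"))
            elif stat.S_ISLNK(mode):
                # A link entry can redirect later writes outside dest.
                findings.append((info.filename, "symbolic link entry"))
    return findings


def build_sample() -> bytes:
    """Constructed archive: one benign entry followed by four unsafe ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("reports/summary.txt", "ok")
        zf.writestr("../../../../tmp/placeholder.txt", "x")
        zf.writestr("/tmp/placeholder.txt", "x")
        zf.writestr("..\\..\\..\\..\\tmp\\placeholder.txt", "x")
        link = zipfile.ZipInfo("reports/link")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "../elsewhere")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reason in audit_zip(build_sample()):
        print(f"REJECT {entry!r}: {reason}")
```

An extractor should refuse the whole archive when `audit_zip` returns any finding, and should run under an account that cannot write outside the destination directory, so that a missed case does not extract with root privileges.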

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2023-04100
CVE-2023-34129
ZDI-23-1154

Affected Products

Sonicwall Analytics
Sonicwall Gms