PT-2023-3809 · Sonicwall · Sonicwall Analytics+1
Published
2023-07-12
·
Updated
2023-09-09
·
CVE-2023-34132
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
SonicWall GMS versions 9.3.2-SP1 and earlier
SonicWall Analytics versions 2.5.0.4-R7 and earlier
Description
The issue is related to the use of a password hash instead of the actual password for authentication, allowing for Pass-the-Hash attacks. This can enable a remote attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations
For SonicWall GMS versions 9.3.2-SP1 and earlier, update to a version that uses proper password authentication instead of password hashes.
For SonicWall Analytics versions 2.5.0.4-R7 and earlier, update to a version that uses proper password authentication instead of password hashes.
As a temporary workaround, consider restricting access to the authentication mechanism that uses password hashes until a patch is available.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sonicwall Analytics
Sonicwall Gms