PT-2023-3990 · Sonicwall · Sonicwall Analytics+1

Published: 2023-07-12 · Updated: 2023-09-29 · CVE-2023-34137

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

SonicWall GMS versions 9.3.2-SP1 and earlier
SonicWall Analytics versions 2.5.0.4-R7 and earlier

Description

The issue is related to an authentication bypass vulnerability in the SonicWall Analytics and SonicWall Global Management System (GMS) due to the use of static values for authentication without proper checks. This allows a remote attacker to execute arbitrary code. The vulnerability affects the CAS Web Services application.

Recommendations

For SonicWall GMS versions 9.3.2-SP1 and earlier, update to a version later than 9.3.2-SP1 to resolve the issue. For SonicWall Analytics versions 2.5.0.4-R7 and earlier, update to a version later than 2.5.0.4-R7 to resolve the issue. As a temporary workaround, consider restricting access to the CAS Web Services application until a patch is available.

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2023-04288
CVE-2023-34137

Affected Products

SonicWall Analytics
SonicWall GMS