PT-2023-5755 · Apache+1 · Apache Tomcat+2
Published: 2023-07-12 · Updated: 2023-07-20 · CVE-2023-34128
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SonicWall GMS versions 9.3.2-SP1 and earlier
SonicWall Analytics versions 2.5.0.4-R7 and earlier
Description
The issue is related to hardcoded Tomcat application credentials in the SonicWall GMS and Analytics configuration file. This could allow a remote attacker to elevate their privileges.
Recommendations
For SonicWall GMS versions 9.3.2-SP1 and earlier, update to a version that does not have the hardcoded credentials.
For SonicWall Analytics versions 2.5.0.4-R7 and earlier, update to a version that does not have the hardcoded credentials.
As a temporary workaround, consider restricting access to the configuration file to minimize the risk of exploitation.
Fix
Insufficiently Protected Credentials
Related Identifiers
Affected Products
SonicWall Analytics
SonicWall GMS
Apache Tomcat