CVE-2023-34123

Published Jul 13, 2023

Last updated a year ago

CVSS high 7.5

Overview

Description: Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Source: PSIRT@sonicwall.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-798
PSIRT@sonicwall.com: CWE-321

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:virtual_appliance:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12CB3495-2949-4D79-98F9-2156B0296C94",
            "versionEndExcluding": "9.3.2"
          },
          {
            "criteria": "cpe:2.3:a:sonicwall:global_management_system:*:*:*:*:windows:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6215D18A-7254-453B-93BF-4FFD8417D0AB",
            "versionEndExcluding": "9.3.2"
          },
          {
            "criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:-:*:*:virtual_appliance:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F193D8D-EC75-49E4-9510-74534518A276"
          },
          {
            "criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:-:*:*:windows:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D33D05B-F776-44C7-BE77-B0656C9449A9"
          },
          {
            "criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1:*:*:virtual_appliance:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C00FB351-6120-4C1B-B621-2D7C1ED13966"
          },
          {
            "criteria": "cpe:2.3:a:sonicwall:global_management_system:9.3.2:sp1:*:*:windows:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "654B1441-A169-499C-B061-8E49535FC60D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sonicwall:analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3141B9EA-D34E-4F30-B4D8-413505FBEC53",
            "versionEndExcluding": "2.5.0.4"
          },
          {
            "criteria": "cpe:2.3:a:sonicwall:analytics:2.5.0.4-r7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C05380F-06DD-40DE-B5F3-E6E2E188D229"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References