CRITICAL🇵🇱 Wersja polska

CVE-2023-34130

CVSS 9.8v3.1pub. 2023-07-13upd. 2024-11-21

SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sonicwall Analytics

    APP
    Sonicwall
    ≤ 2.5.0.4-r7
  • Sonicwall Global Management System

    APP
    Sonicwall
    9.3.2< 9.3.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-34136CRITICAL9.8ten sam produkt

Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted l...

CVE-2023-34124CRITICAL9.8ten sam produkt

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing aut...

CVE-2023-34128CRITICAL9.8ten sam produkt

Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue aff...

CVE-2023-34132CRITICAL9.8ten sam produkt

Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allow...

CVE-2023-34137CRITICAL9.8ten sam produkt

SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper c...