OS Command Injection vulnerability in SonicWall GMS and SonicWall Analytics allows arbitrary code execution with root privileges

OS Command Injection vulnerability in SonicWall GMS and SonicWall Analytics allows arbitrary code execution with root privileges

CVE-2023-34127 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Learn more about our Web Application Penetration Testing UK.