CVE-2023-34137

Description: The SonicWall GMS and Analytics CAS Web Services application uses static values for authentication without proper checks, leading to an authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.


CVE-2023-34137 is an authentication bypass in the CAS Web Services application within the SonicWall Global Management System (GMS) and Analytics suite. The bypass stems from a hardcoded HMAC-SHA-1 secret, and it was patched alongside 14 other vulnerabilities. Despite the critical impact of a web service authentication bypass, CVE-2023-34137 has little or no reported exploitation in the wild; other vulnerabilities from the same patch cycle, such as CVE-2023-34124, received more attacker focus and served the same role within exploit chains.

I’ve rated ‘Attacker Value’ as ‘Very High’, since this authentication bypass can be leveraged with other vulnerabilities to fully compromise systems. I’ve rated ‘Exploitability’ as ‘Very High’ as well, since it’s straightforward to falsify usernames with the hardcoded keys and authenticate.
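The following is an added illustration of the bug class described above (a static HMAC-SHA-1 key used to authenticate a username), not SonicWall's code: the real key and token layout are not on this page, so `HARDCODED_KEY`, the username-only token format, the `CAS_HMAC_KEY` config name and all function names are constructed assumptions. It shows a verifier whose key is baked into the build beside a hardened variant that requires a per-deployment key and refuses to start with the shipped default.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for a secret that ships inside the application build.
# The real product's key and token format are unknown here; the scheme is hypothetical.
HARDCODED_KEY = b"example-static-key-baked-into-the-build!"


def sign_username(username: str, key: bytes) -> str:
    """HMAC-SHA-1 tag over the asserted username (hypothetical token layout)."""
    return hmac.new(key, username.encode("utf-8"), hashlib.sha1).hexdigest()


def verify_vulnerable(username: str, tag: str) -> bool:
    """Weak verifier: the key is static, so anyone who has read the code can mint
    a valid tag for any username. This is the bypass class CVE-2023-34137 describes."""
    return hmac.compare_digest(sign_username(username, HARDCODED_KEY), tag)


def load_deployment_key(config: dict) -> bytes:
    """Hardened key loading: the key must be supplied per deployment, be long
    enough, and must never equal the default that shipped with the code."""
    key = config.get("CAS_HMAC_KEY", "").encode("utf-8")
    if len(key) < 32:
        raise RuntimeError("HMAC key missing or shorter than 32 bytes")
    if hmac.compare_digest(key, HARDCODED_KEY):
        raise RuntimeError("HMAC key equals the shipped default; refusing to start")
    return key


def verify_hardened(username: str, tag: str, key: bytes) -> bool:
    """Same check against the per-deployment key; a tag minted with the
    shipped default no longer authenticates."""
    return hmac.compare_digest(sign_username(username, key), tag)


def generate_deployment_key() -> str:
    """Provisioning helper: a random 32-byte key, hex-encoded for config files."""
    return secrets.token_hex(32)


if __name__ == "__main__":
    forged = sign_username("admin", HARDCODED_KEY)
    print("vulnerable verifier accepts forged tag:", verify_vulnerable("admin", forged))
    key = load_deployment_key({"CAS_HMAC_KEY": generate_deployment_key()})
    print("hardened verifier accepts forged tag:", verify_hardened("admin", forged, key))
```

The startup check in `load_deployment_key` is the part worth carrying into real code: a static key is only a bypass while every installation shares it, so rejecting the default at boot closes the class rather than one instance.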


http://example.com/2025/07/22/other_1454262447/
Author: lianccc
Published: July 22, 2025