CVE-2023-34124

Description: The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.


CVE-2023-34124 is an authentication bypass in the MSW Web Services application within the SonicWall Global Management System (GMS) & Analytics suite. The bypass stems from a hardcoded HMAC-SHA1 secret; it was patched alongside 14 other vulnerabilities. The Rapid7 analysis of CVE-2023-34127, a post-authenticated command injection vulnerability, documents an exploit chain of the following vulnerabilities, CVE-2023-34124 among them:

  • CVE-2023-34124 Web Service Authentication Bypass
  • CVE-2023-34133 Multiple Unauthenticated SQL Injection Issues & Security Filter Bypass
  • CVE-2023-34132 Client-Side Hashing Function Allows Pass-the-Hash
  • CVE-2023-34127 Post-Authenticated Command Injection

I’ve rated ‘Attacker Value’ as ‘Very High’, since this authentication bypass can be leveraged with other vulnerabilities to fully compromise systems. I’ve rated ‘Exploitability’ as ‘Very High’ as well, since it’s straightforward to generate spoofed hashes with the static secret to bypass authentication.
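To make the flaw class concrete, here is an added example (not code from the page, SonicWall, or Rapid7) modelling an HMAC-signed web-service token. The token format, the static secret and the `WS_AUTH_SECRET` variable name are all constructed assumptions; the point is that a key compiled into every shipped copy authenticates nobody, and what the hardened check looks like instead.

```python
import hashlib
import hmac
import os
import secrets
import time

# Constructed model of an HMAC-signed web-service token "<user>:<expiry>:<hex tag>".
# The real token format and secret are not on the page; only the flaw class is modelled.
HARDCODED_SECRET = b"constructed-static-secret"  # stands in for a key compiled into shipped code

def make_token(user, expiry, secret, digest=hashlib.sha1):
    msg = f"{user}:{expiry}".encode()
    return f"{user}:{expiry}:{hmac.new(secret, msg, digest).hexdigest()}"

def verify_vulnerable(token):
    """Flawed check: the key is identical on every install, so anyone holding the
    product can mint a valid tag for any user; no expiry, non-constant-time compare."""
    user, expiry, tag = token.split(":")
    expected = hmac.new(HARDCODED_SECRET, f"{user}:{expiry}".encode(), hashlib.sha1).hexdigest()
    return tag == expected

def load_secret():
    """Per-deployment key from the environment (WS_AUTH_SECRET is an assumed name)."""
    raw = os.environ.get("WS_AUTH_SECRET", "")
    if len(raw) < 32:
        raise RuntimeError("WS_AUTH_SECRET missing or shorter than 32 characters")
    return raw.encode()

def verify_hardened(token, secret, now=None):
    """Hardened check: per-deployment key, expiry enforced, constant-time comparison."""
    now = time.time() if now is None else now
    try:
        user, expiry, tag = token.split(":")
        if int(expiry) < now:
            return False
    except ValueError:
        return False
    expected = hmac.new(secret, f"{user}:{expiry}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, expected)

def demo():
    """Returns (forged passes vulnerable, forged passes hardened, legitimate passes hardened)."""
    far_future = 4_102_444_800  # constructed expiry, 2100-01-01
    forged = make_token("admin", far_future, HARDCODED_SECRET)
    deploy_secret = secrets.token_bytes(32)  # what load_secret() would return in production
    legit = make_token("admin", far_future, deploy_secret, hashlib.sha256)
    return (verify_vulnerable(forged), verify_hardened(forged, deploy_secret),
            verify_hardened(legit, deploy_secret))
```

`demo()` returns `(True, False, True)`: the token minted with the shipped key passes the vulnerable verifier, while the hardened verifier rejects it and accepts only a token signed with the deployment's own key.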


http://example.com/2025/07/22/other_3217654593/
Author: lianccc
Published: 22 July 2025