CVE-2023-34134
Description: Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service call. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
CVE-2023-34134 is an administrator password hash read via an authenticated Web Services API call within the SonicWall Global Management System & Analytics suite. This vulnerability’s severity was rated ‘Critical’ at the time of advisory publication, based on a ‘High’ confidentiality, integrity, and availability impact that was rated using the CVSS 3.0 framework. However, CVE-2023-34134 requires authentication to exploit, and the attack complexity score is also ‘High’, so exploitation faces some hurdles. When rated using the CVSS 3.1 framework, CVE-2023-34134 comes in at a 7.5 ‘High’ severity, which is more reflective of the authentication prerequisite and complexity rating.
When discussed in the context of the other 14 vulnerabilities from the same patch cycle, CVE-2023-34134 didn’t make the cut for an unauthenticated->remote code execution attack chain; the SQL injection bug CVE-2023-34133 was prioritized for exploitation, since it facilitated an administrator password hash leak while offering additional advantages. However, despite being the perceived lesser bug, CVE-2023-34134 could potentially be leveraged in a similar attack chain for critical impact.
I’ve rated ‘Attacker Value’ as ‘Low’, since there was an alternative vulnerability fixed in the same patch cycle that attackers would likely prefer to use to read password hashes. I’ve rated ‘Exploitability’ as ‘Medium’, since CVE-2023-34134 can be paired with the authentication bypass and other bugs for critical impact, but complexity requirements hinder exploitability compared to alternatives.