CVE-2023-34124 PoC — SonicWALL Analytics和GMS 授权问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-34124.yaml

Associated Vulnerability

Title:SonicWALL Analytics和GMS 授权问题漏洞 (CVE-2023-34124)
Description:SonicWALL Analytics和SonicWALL GMS都是美国SonicWALL公司的产品。SonicWALL Analytics是一款适用于网络的高性能管理和报告引擎。SonicWALL GMS是一个全球管理系统。为组织、分布式企业和服务提供商提供强大而直观的解决方案，以集中管理和快速部署 SonicWall 防火墙、反垃圾邮件、备份和恢复以及安全远程访问解决方案。 SonicWALL Analytics和GMS 存在安全漏洞，该漏洞源于 Web Services 检查不足，导致身份验证被绕

Description

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions

File Snapshot


 id: CVE-2023-34124

info:
  name: SonicWall GMS and Analytics Web Services - Shell Injection
  autho

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!