HTTP: SonicWall GMS and Analytics searchFilter Command Injection
This signature detects attempts to exploit a known vulnerability against SonicWall GMS and Analytics. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Affected Products
Sonicwall global_management_system
Short Name
HTTP:CTS:SONICWL-GMS-ANTS-CI
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Analytics CVE-2023-34127 Command GMS Injection SonicWall and searchFilter
Release Date
09/13/2023
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3633
False Positive
Unknown
Vendors
Sonicwall