Cyber Resilience

CVE-2023-34127

High · Public PoC · RCE

Published: 13 July 2023

Modified: 23 April 2025
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9058 (99.6th percentile)
Risk Priority: 72 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-34127 is a high-severity OS Command Injection (CWE-78) vulnerability in SonicWall Global Management System. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 0.4% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

CVE-2023-34127 is an OS command injection vulnerability, tracked as CWE-78, that affects SonicWall Global Management System (GMS) versions 9.3.2-SP1 and earlier as well as SonicWall Analytics versions 2.5.0.4-R7 and earlier. The flaw permits improper neutralization of special elements in operating system commands, which can be leveraged to run arbitrary commands.

An authenticated attacker with network access can exploit the issue without user interaction. Successful exploitation grants the ability to execute arbitrary code with root privileges on the affected appliance, resulting in full confidentiality, integrity, and availability impact as reflected in the CVSS 8.8 score.

SonicWall has published advisory SNWLID-2023-0010 and a corresponding support notice that address the vulnerability and direct customers to remediation steps for the listed GMS and Analytics releases. Public exploit code referencing the affected versions has also been posted to Packet Storm.

The associated EPSS score stands at 0.9058 with an identical recorded peak, indicating sustained high exploitation probability since disclosure.

Vulnerability details

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: sonicwall · Product: analytics · Versions: ≤ 2.5.0.4-r7
Vendor: sonicwall · Product: global management system · Versions: 9.3.2 · ≤ 9.3.2

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.
