CVE-2023-34132

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-836
View all →

Vulnerability Description

Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

Related Vulnerabilities

CVE-2021-23857

CRITICAL
CVSS:9.8(Critical)

Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to ...

CWE-8362021

CVE-2023-23450

CRITICAL
CVSS:9.8(Critical)

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote at...

CWE-8362023

CVE-2023-39546

HIGH
CVSS:8.8(High)

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to th...

CWE-8362023

CVE-2023-4299

HIGH
CVSS:8.1(High)

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.

CWE-8362023

CVE-2021-23857

CRITICAL
CVSS:9.8(Critical)

Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to ...

CWE-8362021

CVE-2023-23450

CRITICAL
CVSS:9.8(Critical)

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote at...

CWE-8362023