CVE-2013-1359
Summary
| CVE | CVE-2013-1359 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-02-11 17:15:00 UTC |
| Updated | 2020-02-14 18:13:00 UTC |
| Description | An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account. |
Risk And Classification
Problem Types: CWE-287
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sonicwall | Analyzer | 7.0 | All | All | All |
| Application | Sonicwall | Global Management System | 4.1 | All | All | All |
| Application | Sonicwall | Global Management System | 5.0 | All | All | All |
| Application | Sonicwall | Global Management System | 5.1 | All | All | All |
| Application | Sonicwall | Global Management System | 6.0 | All | All | All |
| Application | Sonicwall | Global Management System | 7.0 | All | All | All |
| Application | Sonicwall | Universal Management Appliance | 5.1 | All | All | All |
| Application | Sonicwall | Universal Management Appliance | 6.0 | All | All | All |
| Application | Sonicwall | Universal Management Appliance | 7.0 | All | All | All |
| Application | Sonicwall | Viewpoint | 4.1 | All | All | All |
| Application | Sonicwall | Viewpoint | 5.0 | All | All | All |
| Application | Sonicwall | Viewpoint | 6.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Full Disclosure: NSOADV-2013-001: DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass (/appliance/) | MISC | seclists.org | Exploit, Mailing List, Third Party Advisory |
| Multiple.SonicWALL.Products.Authentication.Bypass.Vulns \| IPS \| FortiGuard | MISC | fortiguard.com | Third Party Advisory |
| SonicWALL Global Management System Lets Remote Users Bypass Authentication - SecurityTracker | MISC | www.securitytracker.com | Third Party Advisory, VDB Entry |
| SonicWALL GMS 6 Arbitrary File Upload | MISC | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| Multiple SonicWALL Products CVE-2013-1359 Authentication Bypass Vulnerability | MISC | www.securityfocus.com | Third Party Advisory, VDB Entry |
| SonicWALL GMS/VIEWPOINT 6.x Analyzer 7.x Remote Root/SYSTEM Exploit | MISC | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| Files from Nikolas Sotiriu ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry |
| IBM X-Force Exchange | MISC | exchange.xforce.ibmcloud.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.