Multiple SonicWALL Products Authentication Bypass Vulnerability Network Vulnerability

Summary

Multiple SonicWALL products including Global Management System (GMS), ViewPoint, Universal Management Appliance (UMA), and Analyzer are prone to an authentication-bypass vulnerability. Attackers can exploit this issue to gain administrative access to the web interface. This allows attackers to execute arbitrary code with SYSTEM privileges that could fully compromise the system. The following versions are affected: GMS/Analyzer/UMA 7.0.x GMS/ViewPoint/UMA 6.0.x GMS/ViewPoint/UMA 5.1.x GMS/ViewPoint 5.0.x GMS/ViewPoint 4.1.x

Solution

Vendor updates are available. Please see the references for more information.

References

http://sotiriu.de/adv/NSOADV-2013-001.txt
http://www.securityfocus.com/bid/57445
http://www.sonicwall.com/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-1359, CVE-2013-1360

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

b2Evolution title SQL Injection
Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
A Really Simple Chat Multiple SQL Injection Vulnerabilities
Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability

Take action and discover your vulnerabilities