Multiple SonicWALL Products Authentication Bypass Vulnerability Network Vulnerability

Summary

Multiple SonicWALL products including Global Management System (GMS), ViewPoint, Universal Management Appliance (UMA), and Analyzer are prone to an authentication-bypass vulnerability. Attackers can exploit this issue to gain administrative access to the web interface. This allows attackers to execute arbitrary code with SYSTEM privileges that could fully compromise the system. The following versions are affected: GMS/Analyzer/UMA 7.0.x GMS/ViewPoint/UMA 6.0.x GMS/ViewPoint/UMA 5.1.x GMS/ViewPoint 5.0.x GMS/ViewPoint 4.1.x

Solution

Vendor updates are available. Please see the references for more information.

References

http://sotiriu.de/adv/NSOADV-2013-001.txt
http://www.securityfocus.com/bid/57445
http://www.sonicwall.com/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-1359, CVE-2013-1360

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

AdMentor Login Flaw
Admin Bot 'news.php' SQL Injection Vulnerability
AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities
aflog Cookie-Based Authentication Bypass Vulnerability
Adobe ColdFusion Multiple Vulnerabilities-02 May-2014

Take action and discover your vulnerabilities