CVE-2013-1359

EUVD-2013-1398
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
sonicwallanalyzer
7.0
sonicwallglobal_management_system
4.1
sonicwallglobal_management_system
5.0
sonicwallglobal_management_system
5.1
sonicwallglobal_management_system
6.0
sonicwallglobal_management_system
7.0
sonicwalluniversal_management_appliance
5.1
sonicwalluniversal_management_appliance
6.0
sonicwalluniversal_management_appliance
7.0
sonicwallviewpoint
4.1
sonicwallviewpoint
5.0
sonicwallviewpoint
6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.exploit-db.com/exploits/24204
http://www.exploit-db.com/exploits/24322
http://www.securityfocus.com/bid/57445
http://www.securitytracker.com/id/1028007
https://exchange.xforce.ibmcloud.com/vulnerabilities/81367
https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns
https://packetstormsecurity.com/files/author/7547/
https://seclists.org/fulldisclosure/2013/Jan/125
http://www.exploit-db.com/exploits/24204
http://www.exploit-db.com/exploits/24322
http://www.securityfocus.com/bid/57445
http://www.securitytracker.com/id/1028007
https://exchange.xforce.ibmcloud.com/vulnerabilities/81367
https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns
https://packetstormsecurity.com/files/author/7547/
https://seclists.org/fulldisclosure/2013/Jan/125