CVE-2013-1359
First published: Tue Feb 11 2020(Updated: )
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SonicWALL Analyzer | =7.0 | |
| SonicWALL Global Management System | =4.1 | |
| SonicWALL Global Management System | =5.0 | |
| SonicWALL Global Management System | =5.1 | |
| SonicWALL Global Management System | =6.0 | |
| SonicWALL Global Management System | =7.0 | |
| Sonicwall Universal Management Appliance | =5.1 | |
| Sonicwall Universal Management Appliance | =6.0 | |
| Sonicwall Universal Management Appliance | =7.0 | |
| Sonicwall Viewpoint | =4.1 | |
| Sonicwall Viewpoint | =5.0 | |
| Sonicwall Viewpoint | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.exploit-db.com/exploits/24204
- http://www.exploit-db.com/exploits/24322
- http://www.securityfocus.com/bid/57445
- http://www.securitytracker.com/id/1028007
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81367
- https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns
- https://packetstormsecurity.com/files/author/7547/
- https://seclists.org/fulldisclosure/2013/Jan/125
Frequently Asked Questions
What is CVE-2013-1359?
CVE-2013-1359 is an Authentication Bypass Vulnerability that exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0.
What is the severity of CVE-2013-1359?
The severity of CVE-2013-1359 is critical with a CVSS score of 9.8.
How does the Authentication Bypass Vulnerability in CVE-2013-1359 work?
The vulnerability allows an attacker to bypass authentication by using the skipSessionCheck parameter to the UMA interface.
Which software versions are affected by CVE-2013-1359?
The affected software versions include DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0; and ViewPoint 4.1, 5.0, 5.1, and 6.0.
Are there any known exploits for CVE-2013-1359?
Yes, there are known exploits for CVE-2013-1359. You can find more information about them on the following websites: http://www.exploit-db.com/exploits/24204, http://www.exploit-db.com/exploits/24322, and http://www.securityfocus.com/bid/57445.
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/sonicwall
- canonical/sonicwall analyzer
- version/sonicwall analyzer/7.0
- canonical/sonicwall global management system
- version/sonicwall global management system/4.1
- version/sonicwall global management system/5.0
- version/sonicwall global management system/5.1
- version/sonicwall global management system/6.0
- version/sonicwall global management system/7.0
- canonical/sonicwall universal management appliance
- version/sonicwall universal management appliance/5.1
- version/sonicwall universal management appliance/6.0
- version/sonicwall universal management appliance/7.0
- canonical/sonicwall viewpoint
- version/sonicwall viewpoint/4.1
- version/sonicwall viewpoint/5.0
- version/sonicwall viewpoint/6.0