Vulnerabilites related to sonicwall - universal_management_appliance
CVE-2013-1359 (GCVE-0-2013-1359)
Vulnerability from cvelistv5
Published
2020-02-11 16:42
Modified
2024-08-06 14:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:57:05.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57445"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/24204"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/24322"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028007"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/author/7547/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2013/Jan/125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-11T16:42:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/57445"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.exploit-db.com/exploits/24204"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.exploit-db.com/exploits/24322"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytracker.com/id/1028007"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/author/7547/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2013/Jan/125"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/57445",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/57445"
},
{
"name": "http://www.exploit-db.com/exploits/24204",
"refsource": "MISC",
"url": "http://www.exploit-db.com/exploits/24204"
},
{
"name": "http://www.exploit-db.com/exploits/24322",
"refsource": "MISC",
"url": "http://www.exploit-db.com/exploits/24322"
},
{
"name": "http://www.securitytracker.com/id/1028007",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1028007"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367"
},
{
"name": "https://packetstormsecurity.com/files/author/7547/",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/author/7547/"
},
{
"name": "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns",
"refsource": "MISC",
"url": "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns"
},
{
"name": "https://seclists.org/fulldisclosure/2013/Jan/125",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2013/Jan/125"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1359",
"datePublished": "2020-02-11T16:42:01",
"dateReserved": "2013-01-14T00:00:00",
"dateUpdated": "2024-08-06T14:57:05.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1360 (GCVE-0-2013-1360)
Vulnerability from cvelistv5
Published
2020-02-11 15:44
Modified
2024-08-06 14:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:57:05.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028007"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57446"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/24203"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2013-1360"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-11T15:44:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytracker.com/id/1028007"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/57446"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.exploit-db.com/exploits/24203"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2013-1360"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securitytracker.com/id/1028007",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1028007"
},
{
"name": "http://www.securityfocus.com/bid/57446",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/57446"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366"
},
{
"name": "http://www.exploit-db.com/exploits/24203",
"refsource": "MISC",
"url": "http://www.exploit-db.com/exploits/24203"
},
{
"name": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html",
"refsource": "MISC",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html"
},
{
"name": "https://packetstormsecurity.com/files/cve/CVE-2013-1360",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/cve/CVE-2013-1360"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1360",
"datePublished": "2020-02-11T15:44:43",
"dateReserved": "2013-01-14T00:00:00",
"dateUpdated": "2024-08-06T14:57:05.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-02-11 17:15
Modified
2024-11-21 01:49
Severity ?
Summary
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | analyzer | 7.0 | |
| sonicwall | global_management_system | 4.1 | |
| sonicwall | global_management_system | 5.0 | |
| sonicwall | global_management_system | 5.1 | |
| sonicwall | global_management_system | 6.0 | |
| sonicwall | global_management_system | 7.0 | |
| sonicwall | universal_management_appliance | 5.1 | |
| sonicwall | universal_management_appliance | 6.0 | |
| sonicwall | universal_management_appliance | 7.0 | |
| sonicwall | viewpoint | 4.1 | |
| sonicwall | viewpoint | 5.0 | |
| sonicwall | viewpoint | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9ABA5C-59AF-496A-B22E-0C88892EC8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3627733D-E0CD-4E00-8D36-AB4EF784977C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60563570-4865-4D8B-9E24-A371CABE1BFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2EFEF89-357C-4EC2-B6A3-C803E64A2227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE35F845-3A01-4974-BD7C-88CBE759830D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CEF95BB8-DF0B-4131-8A89-82DE559CC09B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:universal_management_appliance:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0AC115CB-0F22-47C8-86F3-9990058896FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:universal_management_appliance:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "160BD653-09A8-4939-9A5D-8EED7B5B4D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:universal_management_appliance:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "747153CA-2225-40A3-9C21-E9E62C24892B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:viewpoint:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE97B72B-31B2-4E2D-99EE-81A1C645CDF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:viewpoint:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28C845AC-8B12-4147-A5D7-9D5E4C7953EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:viewpoint:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1589B409-1AF8-4789-90C3-6E1DFA14677E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account."
},
{
"lang": "es",
"value": "Se presenta una Vulnerabilidad de Omisi\u00f3n de Autenticaci\u00f3n en DELL SonicWALL Analyzer versi\u00f3n 7.0, Global Management System (GMS) versiones 4.1, 5.0, 5.1, 6.0 y 7.0; Universal Management Appliance (UMA) versiones 5.1, 6.0 y 7.0 y ViewPoint versiones 4.1, 5.0, 5.1 y 6.0 por medio del par\u00e1metro skipSessionCheck en la interfaz UMA (/appliance/), lo que podr\u00eda permitir a un usuario malicioso remoto obtener acceso a la cuenta root."
}
],
"id": "CVE-2013-1359",
"lastModified": "2024-11-21T01:49:25.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-11T17:15:11.593",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/24204"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/24322"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/57445"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1028007"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/author/7547/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2013/Jan/125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/24204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/24322"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/57445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1028007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/author/7547/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2013/Jan/125"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-11 16:15
Modified
2024-11-21 01:49
Severity ?
Summary
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sonicwall | analyzer | 7.0 | |
| sonicwall | global_management_system | 4.1 | |
| sonicwall | global_management_system | 5.0 | |
| sonicwall | global_management_system | 5.1 | |
| sonicwall | global_management_system | 6.0 | |
| sonicwall | global_management_system | 7.0 | |
| sonicwall | universal_management_appliance | 5.1 | |
| sonicwall | universal_management_appliance | 6.0 | |
| sonicwall | universal_management_appliance | 7.0 | |
| sonicwall | viewpoint | 4.1 | |
| sonicwall | viewpoint | 5.0 | |
| sonicwall | viewpoint | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:analyzer:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9ABA5C-59AF-496A-B22E-0C88892EC8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3627733D-E0CD-4E00-8D36-AB4EF784977C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60563570-4865-4D8B-9E24-A371CABE1BFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2EFEF89-357C-4EC2-B6A3-C803E64A2227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE35F845-3A01-4974-BD7C-88CBE759830D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CEF95BB8-DF0B-4131-8A89-82DE559CC09B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:universal_management_appliance:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0AC115CB-0F22-47C8-86F3-9990058896FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:universal_management_appliance:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "160BD653-09A8-4939-9A5D-8EED7B5B4D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:universal_management_appliance:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "747153CA-2225-40A3-9C21-E9E62C24892B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:viewpoint:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE97B72B-31B2-4E2D-99EE-81A1C645CDF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:viewpoint:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28C845AC-8B12-4147-A5D7-9D5E4C7953EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sonicwall:viewpoint:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1589B409-1AF8-4789-90C3-6E1DFA14677E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de Omisi\u00f3n de Autenticaci\u00f3n en DELL SonicWALL Global Management System (GMS) versiones 4.1, 5.0, 5.1, 6.0 y 7.0, Analyzer versi\u00f3n 7.0, Universal Management Appliance (UMA) versiones 5.1, 6.0 y 7.0 y ViewPoint versiones 4.1, 5.0 y 6.0, por medio de una petici\u00f3n dise\u00f1ada en la interfaz SGMS, que podr\u00eda permitir a un usuario malicioso remoto obtener acceso administrativo."
}
],
"id": "CVE-2013-1360",
"lastModified": "2024-11-21T01:49:25.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-11T16:15:12.227",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/24203"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/57446"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1028007"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2013-1360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.exploit-db.com/exploits/24203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/57446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1028007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/cve/CVE-2013-1360"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}