Vulnerabilites related to sonicwall - universal_management_appliance
cve-2013-1360
Vulnerability from cvelistv5
Published
2020-02-11 15:44
Modified
2024-08-06 14:57
Severity ?
Summary
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T14:57:05.126Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1028007",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/57446",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.exploit-db.com/exploits/24203",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://packetstormsecurity.com/files/cve/CVE-2013-1360",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-01-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-11T15:44:43",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.securitytracker.com/id/1028007",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.securityfocus.com/bid/57446",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.exploit-db.com/exploits/24203",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://packetstormsecurity.com/files/cve/CVE-2013-1360",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-1360",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.securitytracker.com/id/1028007",
                     refsource: "MISC",
                     url: "http://www.securitytracker.com/id/1028007",
                  },
                  {
                     name: "http://www.securityfocus.com/bid/57446",
                     refsource: "MISC",
                     url: "http://www.securityfocus.com/bid/57446",
                  },
                  {
                     name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366",
                     refsource: "MISC",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366",
                  },
                  {
                     name: "http://www.exploit-db.com/exploits/24203",
                     refsource: "MISC",
                     url: "http://www.exploit-db.com/exploits/24203",
                  },
                  {
                     name: "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html",
                     refsource: "MISC",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html",
                  },
                  {
                     name: "https://packetstormsecurity.com/files/cve/CVE-2013-1360",
                     refsource: "MISC",
                     url: "https://packetstormsecurity.com/files/cve/CVE-2013-1360",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-1360",
      datePublished: "2020-02-11T15:44:43",
      dateReserved: "2013-01-14T00:00:00",
      dateUpdated: "2024-08-06T14:57:05.126Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-1359
Vulnerability from cvelistv5
Published
2020-02-11 16:42
Modified
2024-08-06 14:57
Severity ?
Summary
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T14:57:05.116Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/57445",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.exploit-db.com/exploits/24204",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.exploit-db.com/exploits/24322",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1028007",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://packetstormsecurity.com/files/author/7547/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/fulldisclosure/2013/Jan/125",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-01-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-11T16:42:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.securityfocus.com/bid/57445",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.exploit-db.com/exploits/24204",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.exploit-db.com/exploits/24322",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.securitytracker.com/id/1028007",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://packetstormsecurity.com/files/author/7547/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://seclists.org/fulldisclosure/2013/Jan/125",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-1359",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.securityfocus.com/bid/57445",
                     refsource: "MISC",
                     url: "http://www.securityfocus.com/bid/57445",
                  },
                  {
                     name: "http://www.exploit-db.com/exploits/24204",
                     refsource: "MISC",
                     url: "http://www.exploit-db.com/exploits/24204",
                  },
                  {
                     name: "http://www.exploit-db.com/exploits/24322",
                     refsource: "MISC",
                     url: "http://www.exploit-db.com/exploits/24322",
                  },
                  {
                     name: "http://www.securitytracker.com/id/1028007",
                     refsource: "MISC",
                     url: "http://www.securitytracker.com/id/1028007",
                  },
                  {
                     name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367",
                     refsource: "MISC",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367",
                  },
                  {
                     name: "https://packetstormsecurity.com/files/author/7547/",
                     refsource: "MISC",
                     url: "https://packetstormsecurity.com/files/author/7547/",
                  },
                  {
                     name: "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns",
                     refsource: "MISC",
                     url: "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns",
                  },
                  {
                     name: "https://seclists.org/fulldisclosure/2013/Jan/125",
                     refsource: "MISC",
                     url: "https://seclists.org/fulldisclosure/2013/Jan/125",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-1359",
      datePublished: "2020-02-11T16:42:01",
      dateReserved: "2013-01-14T00:00:00",
      dateUpdated: "2024-08-06T14:57:05.116Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2020-02-11 17:15
Modified
2024-11-21 01:49
Severity ?
Summary
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.
References
cve@mitre.orghttp://www.exploit-db.com/exploits/24204Exploit, Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.exploit-db.com/exploits/24322Exploit, Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.securityfocus.com/bid/57445Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.securitytracker.com/id/1028007Third Party Advisory, VDB Entry
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/81367Third Party Advisory, VDB Entry
cve@mitre.orghttps://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulnsThird Party Advisory
cve@mitre.orghttps://packetstormsecurity.com/files/author/7547/Exploit, Third Party Advisory, VDB Entry
cve@mitre.orghttps://seclists.org/fulldisclosure/2013/Jan/125Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/24204Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/24322Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/57445Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1028007Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/81367Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulnsThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://packetstormsecurity.com/files/author/7547/Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/fulldisclosure/2013/Jan/125Exploit, Mailing List, Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sonicwall:analyzer:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9ABA5C-59AF-496A-B22E-0C88892EC8FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:global_management_system:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3627733D-E0CD-4E00-8D36-AB4EF784977C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:global_management_system:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "60563570-4865-4D8B-9E24-A371CABE1BFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:global_management_system:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2EFEF89-357C-4EC2-B6A3-C803E64A2227",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:global_management_system:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CE35F845-3A01-4974-BD7C-88CBE759830D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEF95BB8-DF0B-4131-8A89-82DE559CC09B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:universal_management_appliance:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0AC115CB-0F22-47C8-86F3-9990058896FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:universal_management_appliance:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "160BD653-09A8-4939-9A5D-8EED7B5B4D78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:universal_management_appliance:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "747153CA-2225-40A3-9C21-E9E62C24892B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:viewpoint:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE97B72B-31B2-4E2D-99EE-81A1C645CDF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:viewpoint:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "28C845AC-8B12-4147-A5D7-9D5E4C7953EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:viewpoint:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1589B409-1AF8-4789-90C3-6E1DFA14677E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.",
      },
      {
         lang: "es",
         value: "Se presenta una Vulnerabilidad de Omisión de Autenticación en DELL SonicWALL Analyzer versión 7.0, Global Management System (GMS) versiones 4.1, 5.0, 5.1, 6.0 y 7.0; Universal Management Appliance (UMA) versiones 5.1, 6.0 y 7.0 y ViewPoint versiones 4.1, 5.0, 5.1 y 6.0 por medio del parámetro skipSessionCheck en la interfaz UMA (/appliance/), lo que podría permitir a un usuario malicioso remoto obtener acceso a la cuenta root.",
      },
   ],
   id: "CVE-2013-1359",
   lastModified: "2024-11-21T01:49:25.517",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-02-11T17:15:11.593",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.exploit-db.com/exploits/24204",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.exploit-db.com/exploits/24322",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/57445",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1028007",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/author/7547/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2013/Jan/125",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.exploit-db.com/exploits/24204",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.exploit-db.com/exploits/24322",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/57445",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1028007",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/author/7547/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/fulldisclosure/2013/Jan/125",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-02-11 16:15
Modified
2024-11-21 01:49
Severity ?
Summary
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sonicwall:analyzer:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9ABA5C-59AF-496A-B22E-0C88892EC8FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:global_management_system:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3627733D-E0CD-4E00-8D36-AB4EF784977C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:global_management_system:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "60563570-4865-4D8B-9E24-A371CABE1BFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:global_management_system:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2EFEF89-357C-4EC2-B6A3-C803E64A2227",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:global_management_system:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CE35F845-3A01-4974-BD7C-88CBE759830D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEF95BB8-DF0B-4131-8A89-82DE559CC09B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:universal_management_appliance:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0AC115CB-0F22-47C8-86F3-9990058896FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:universal_management_appliance:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "160BD653-09A8-4939-9A5D-8EED7B5B4D78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:universal_management_appliance:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "747153CA-2225-40A3-9C21-E9E62C24892B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:viewpoint:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE97B72B-31B2-4E2D-99EE-81A1C645CDF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:viewpoint:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "28C845AC-8B12-4147-A5D7-9D5E4C7953EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sonicwall:viewpoint:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1589B409-1AF8-4789-90C3-6E1DFA14677E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.",
      },
      {
         lang: "es",
         value: "Se presenta una vulnerabilidad de Omisión de Autenticación en DELL SonicWALL Global Management System (GMS) versiones 4.1, 5.0, 5.1, 6.0 y 7.0, Analyzer versión 7.0, Universal Management Appliance (UMA) versiones 5.1, 6.0 y 7.0 y ViewPoint versiones 4.1, 5.0 y 6.0, por medio de una petición diseñada en la interfaz SGMS, que podría permitir a un usuario malicioso remoto obtener acceso administrativo.",
      },
   ],
   id: "CVE-2013-1360",
   lastModified: "2024-11-21T01:49:25.667",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-02-11T16:15:12.227",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.exploit-db.com/exploits/24203",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/57446",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1028007",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/cve/CVE-2013-1360",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.exploit-db.com/exploits/24203",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/57446",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1028007",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://packetstormsecurity.com/files/cve/CVE-2013-1360",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}