Vulnerabilites related to sonicwall - universal_management_appliance
cve-2013-1360
Vulnerability from cvelistv5
Published
2020-02-11 15:44
Modified
2024-08-06 14:57
Severity ?
EPSS score ?
Summary
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1028007 | x_refsource_MISC | |
http://www.securityfocus.com/bid/57446 | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/81366 | x_refsource_MISC | |
http://www.exploit-db.com/exploits/24203 | x_refsource_MISC | |
http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html | x_refsource_MISC | |
https://packetstormsecurity.com/files/cve/CVE-2013-1360 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:57:05.126Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.securitytracker.com/id/1028007", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.securityfocus.com/bid/57446", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.exploit-db.com/exploits/24203", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://packetstormsecurity.com/files/cve/CVE-2013-1360", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-01-17T00:00:00", descriptions: [ { lang: "en", value: "An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-11T15:44:43", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.securitytracker.com/id/1028007", }, { tags: [ "x_refsource_MISC", ], url: "http://www.securityfocus.com/bid/57446", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366", }, { tags: [ "x_refsource_MISC", ], url: "http://www.exploit-db.com/exploits/24203", }, { tags: [ "x_refsource_MISC", ], url: "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html", }, { tags: [ "x_refsource_MISC", ], url: "https://packetstormsecurity.com/files/cve/CVE-2013-1360", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-1360", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.securitytracker.com/id/1028007", refsource: "MISC", url: "http://www.securitytracker.com/id/1028007", }, { name: "http://www.securityfocus.com/bid/57446", refsource: "MISC", url: "http://www.securityfocus.com/bid/57446", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366", }, { name: "http://www.exploit-db.com/exploits/24203", refsource: "MISC", url: "http://www.exploit-db.com/exploits/24203", }, { name: "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html", refsource: "MISC", url: "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html", }, { name: "https://packetstormsecurity.com/files/cve/CVE-2013-1360", refsource: "MISC", url: "https://packetstormsecurity.com/files/cve/CVE-2013-1360", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-1360", datePublished: "2020-02-11T15:44:43", dateReserved: "2013-01-14T00:00:00", dateUpdated: "2024-08-06T14:57:05.126Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-1359
Vulnerability from cvelistv5
Published
2020-02-11 16:42
Modified
2024-08-06 14:57
Severity ?
EPSS score ?
Summary
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/57445 | x_refsource_MISC | |
http://www.exploit-db.com/exploits/24204 | x_refsource_MISC | |
http://www.exploit-db.com/exploits/24322 | x_refsource_MISC | |
http://www.securitytracker.com/id/1028007 | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/81367 | x_refsource_MISC | |
https://packetstormsecurity.com/files/author/7547/ | x_refsource_MISC | |
https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns | x_refsource_MISC | |
https://seclists.org/fulldisclosure/2013/Jan/125 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:57:05.116Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.securityfocus.com/bid/57445", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.exploit-db.com/exploits/24204", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.exploit-db.com/exploits/24322", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.securitytracker.com/id/1028007", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://packetstormsecurity.com/files/author/7547/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://seclists.org/fulldisclosure/2013/Jan/125", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-01-17T00:00:00", descriptions: [ { lang: "en", value: "An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-11T16:42:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.securityfocus.com/bid/57445", }, { tags: [ "x_refsource_MISC", ], url: "http://www.exploit-db.com/exploits/24204", }, { tags: [ "x_refsource_MISC", ], url: "http://www.exploit-db.com/exploits/24322", }, { tags: [ "x_refsource_MISC", ], url: "http://www.securitytracker.com/id/1028007", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367", }, { tags: [ "x_refsource_MISC", ], url: "https://packetstormsecurity.com/files/author/7547/", }, { tags: [ "x_refsource_MISC", ], url: "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns", }, { tags: [ "x_refsource_MISC", ], url: "https://seclists.org/fulldisclosure/2013/Jan/125", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-1359", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.securityfocus.com/bid/57445", refsource: "MISC", url: "http://www.securityfocus.com/bid/57445", }, { name: "http://www.exploit-db.com/exploits/24204", refsource: "MISC", url: "http://www.exploit-db.com/exploits/24204", }, { name: "http://www.exploit-db.com/exploits/24322", refsource: "MISC", url: "http://www.exploit-db.com/exploits/24322", }, { name: "http://www.securitytracker.com/id/1028007", refsource: "MISC", url: "http://www.securitytracker.com/id/1028007", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367", }, { name: "https://packetstormsecurity.com/files/author/7547/", refsource: "MISC", url: "https://packetstormsecurity.com/files/author/7547/", }, { name: "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns", refsource: "MISC", url: "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns", }, { name: "https://seclists.org/fulldisclosure/2013/Jan/125", refsource: "MISC", url: "https://seclists.org/fulldisclosure/2013/Jan/125", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-1359", datePublished: "2020-02-11T16:42:01", dateReserved: "2013-01-14T00:00:00", dateUpdated: "2024-08-06T14:57:05.116Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2020-02-11 17:15
Modified
2024-11-21 01:49
Severity ?
Summary
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sonicwall | analyzer | 7.0 | |
sonicwall | global_management_system | 4.1 | |
sonicwall | global_management_system | 5.0 | |
sonicwall | global_management_system | 5.1 | |
sonicwall | global_management_system | 6.0 | |
sonicwall | global_management_system | 7.0 | |
sonicwall | universal_management_appliance | 5.1 | |
sonicwall | universal_management_appliance | 6.0 | |
sonicwall | universal_management_appliance | 7.0 | |
sonicwall | viewpoint | 4.1 | |
sonicwall | viewpoint | 5.0 | |
sonicwall | viewpoint | 6.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sonicwall:analyzer:7.0:*:*:*:*:*:*:*", matchCriteriaId: "7A9ABA5C-59AF-496A-B22E-0C88892EC8FD", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:global_management_system:4.1:*:*:*:*:*:*:*", matchCriteriaId: "3627733D-E0CD-4E00-8D36-AB4EF784977C", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:global_management_system:5.0:*:*:*:*:*:*:*", matchCriteriaId: "60563570-4865-4D8B-9E24-A371CABE1BFE", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:global_management_system:5.1:*:*:*:*:*:*:*", matchCriteriaId: "B2EFEF89-357C-4EC2-B6A3-C803E64A2227", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:global_management_system:6.0:*:*:*:*:*:*:*", matchCriteriaId: "CE35F845-3A01-4974-BD7C-88CBE759830D", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*", matchCriteriaId: "CEF95BB8-DF0B-4131-8A89-82DE559CC09B", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:universal_management_appliance:5.1:*:*:*:*:*:*:*", matchCriteriaId: "0AC115CB-0F22-47C8-86F3-9990058896FA", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:universal_management_appliance:6.0:*:*:*:*:*:*:*", matchCriteriaId: "160BD653-09A8-4939-9A5D-8EED7B5B4D78", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:universal_management_appliance:7.0:*:*:*:*:*:*:*", matchCriteriaId: "747153CA-2225-40A3-9C21-E9E62C24892B", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:viewpoint:4.1:*:*:*:*:*:*:*", matchCriteriaId: "FE97B72B-31B2-4E2D-99EE-81A1C645CDF4", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:viewpoint:5.0:*:*:*:*:*:*:*", matchCriteriaId: "28C845AC-8B12-4147-A5D7-9D5E4C7953EB", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:viewpoint:6.0:*:*:*:*:*:*:*", matchCriteriaId: "1589B409-1AF8-4789-90C3-6E1DFA14677E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.", }, { lang: "es", value: "Se presenta una Vulnerabilidad de Omisión de Autenticación en DELL SonicWALL Analyzer versión 7.0, Global Management System (GMS) versiones 4.1, 5.0, 5.1, 6.0 y 7.0; Universal Management Appliance (UMA) versiones 5.1, 6.0 y 7.0 y ViewPoint versiones 4.1, 5.0, 5.1 y 6.0 por medio del parámetro skipSessionCheck en la interfaz UMA (/appliance/), lo que podría permitir a un usuario malicioso remoto obtener acceso a la cuenta root.", }, ], id: "CVE-2013-1359", lastModified: "2024-11-21T01:49:25.517", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-02-11T17:15:11.593", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.exploit-db.com/exploits/24204", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.exploit-db.com/exploits/24322", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/57445", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1028007", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://packetstormsecurity.com/files/author/7547/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/fulldisclosure/2013/Jan/125", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.exploit-db.com/exploits/24204", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.exploit-db.com/exploits/24322", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/57445", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1028007", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81367", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://packetstormsecurity.com/files/author/7547/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/fulldisclosure/2013/Jan/125", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-02-11 16:15
Modified
2024-11-21 01:49
Severity ?
Summary
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sonicwall | analyzer | 7.0 | |
sonicwall | global_management_system | 4.1 | |
sonicwall | global_management_system | 5.0 | |
sonicwall | global_management_system | 5.1 | |
sonicwall | global_management_system | 6.0 | |
sonicwall | global_management_system | 7.0 | |
sonicwall | universal_management_appliance | 5.1 | |
sonicwall | universal_management_appliance | 6.0 | |
sonicwall | universal_management_appliance | 7.0 | |
sonicwall | viewpoint | 4.1 | |
sonicwall | viewpoint | 5.0 | |
sonicwall | viewpoint | 6.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sonicwall:analyzer:7.0:*:*:*:*:*:*:*", matchCriteriaId: "7A9ABA5C-59AF-496A-B22E-0C88892EC8FD", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:global_management_system:4.1:*:*:*:*:*:*:*", matchCriteriaId: "3627733D-E0CD-4E00-8D36-AB4EF784977C", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:global_management_system:5.0:*:*:*:*:*:*:*", matchCriteriaId: "60563570-4865-4D8B-9E24-A371CABE1BFE", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:global_management_system:5.1:*:*:*:*:*:*:*", matchCriteriaId: "B2EFEF89-357C-4EC2-B6A3-C803E64A2227", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:global_management_system:6.0:*:*:*:*:*:*:*", matchCriteriaId: "CE35F845-3A01-4974-BD7C-88CBE759830D", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*", matchCriteriaId: "CEF95BB8-DF0B-4131-8A89-82DE559CC09B", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:universal_management_appliance:5.1:*:*:*:*:*:*:*", matchCriteriaId: "0AC115CB-0F22-47C8-86F3-9990058896FA", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:universal_management_appliance:6.0:*:*:*:*:*:*:*", matchCriteriaId: "160BD653-09A8-4939-9A5D-8EED7B5B4D78", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:universal_management_appliance:7.0:*:*:*:*:*:*:*", matchCriteriaId: "747153CA-2225-40A3-9C21-E9E62C24892B", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:viewpoint:4.1:*:*:*:*:*:*:*", matchCriteriaId: "FE97B72B-31B2-4E2D-99EE-81A1C645CDF4", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:viewpoint:5.0:*:*:*:*:*:*:*", matchCriteriaId: "28C845AC-8B12-4147-A5D7-9D5E4C7953EB", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:viewpoint:6.0:*:*:*:*:*:*:*", matchCriteriaId: "1589B409-1AF8-4789-90C3-6E1DFA14677E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.", }, { lang: "es", value: "Se presenta una vulnerabilidad de Omisión de Autenticación en DELL SonicWALL Global Management System (GMS) versiones 4.1, 5.0, 5.1, 6.0 y 7.0, Analyzer versión 7.0, Universal Management Appliance (UMA) versiones 5.1, 6.0 y 7.0 y ViewPoint versiones 4.1, 5.0 y 6.0, por medio de una petición diseñada en la interfaz SGMS, que podría permitir a un usuario malicioso remoto obtener acceso administrativo.", }, ], id: "CVE-2013-1360", lastModified: "2024-11-21T01:49:25.667", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-02-11T16:15:12.227", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.exploit-db.com/exploits/24203", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/57446", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1028007", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://packetstormsecurity.com/files/cve/CVE-2013-1360", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.exploit-db.com/exploits/24203", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/57446", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1028007", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81366", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://packetstormsecurity.com/files/cve/CVE-2013-1360", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }