Published: 11/02/2020 Updated: 14/02/2020

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sonicwall analyzer 7.0
sonicwall global management system 4.1
sonicwall global management system 5.0
sonicwall global management system 5.1
sonicwall global management system 6.0
sonicwall global management system 7.0
sonicwall universal management appliance 5.1
sonicwall universal management appliance 6.0
sonicwall universal management appliance 7.0
sonicwall viewpoint 4.1
sonicwall viewpoint 5.0
sonicwall viewpoint 6.0

#!/usr/bin/perl ## # Title: SonicWALL GMS/VIEWPOINT 6x Analyzer 7x Remote Root/SYSTEM exploit # Name: sgmsRCEpl # Author: Nikolas Sotiriu (lofi) <lofi[at]sotiriude> # # Use it only for education or ethical pentesting! The author accepts # no liability for damage caused by this tool # ## use strict; use HTTP::Reque ...

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = GoodRanking HttpFingerprint = { :patt ...

CWE-287 http://www.securitytracker.com/id/1028007 http://www.exploit-db.com/exploits/24204 https://packetstormsecurity.com/files/author/7547/https://seclists.org/fulldisclosure/2013/Jan/125 http://www.exploit-db.com/exploits/24322 http://www.securityfocus.com/bid/57445 https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns https://exchange.xforce.ibmcloud.com/vulnerabilities/81367 https://nvd.nist.gov https://www.exploit-db.com/exploits/24204/

CVE-2013-1359

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect