Vulnerability Details : CVE-2013-1359
Public exploit exists!
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2013-1359
- cpe:2.3:a:sonicwall:analyzer:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:sonicwall:global_management_system:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:sonicwall:global_management_system:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:sonicwall:global_management_system:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:sonicwall:global_management_system:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:sonicwall:universal_management_appliance:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:sonicwall:universal_management_appliance:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:sonicwall:universal_management_appliance:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:sonicwall:viewpoint:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:sonicwall:viewpoint:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:sonicwall:viewpoint:6.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-1359
- 89.13%: Probability of exploitation activity in the next 30 days
- ~100%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2013-1359
- SonicWALL GMS 6 Arbitrary File Upload
  Disclosure Date: 2012-01-17
  First seen: 2020-04-26
  exploit/multi/http/sonicwall_gms_upload
  This module exploits a code execution flaw in SonicWALL GMS. It exploits two vulnerabilities in order to get its objective. An authentication bypass in the Web Administration interface allows to abuse the "appliance" application and upload an arbitrary payload embe
CVSS scores for CVE-2013-1359
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2013-1359
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1359
- http://www.exploit-db.com/exploits/24204
  SonicWALL GMS/VIEWPOINT 6.x Analyzer 7.x - Remote Command Execution - Multiple webapps Exploit (Exploit; Third Party Advisory; VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81367
  DELL SonicWALL interface code execution CVE-2013-1359 Vulnerability Report (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/57445
  Multiple SonicWALL Products CVE-2013-1359 Authentication Bypass Vulnerability (Third Party Advisory; VDB Entry)
- http://www.exploit-db.com/exploits/24322
  SonicWALL Gms 6 - Arbitrary File Upload (Metasploit) - Multiple remote Exploit (Exploit; Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id/1028007
  SonicWALL Global Management System Lets Remote Users Bypass Authentication - SecurityTracker (Third Party Advisory; VDB Entry)
- https://packetstormsecurity.com/files/author/7547/
  Files from Nikolas Sotiriu ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns
  Threat Encyclopedia | FortiGuard (Third Party Advisory)
- https://seclists.org/fulldisclosure/2013/Jan/125
  Full Disclosure: NSOADV-2013-001: DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass (/appliance/) (Exploit; Mailing List; Third Party Advisory)