Vulnerability Details : CVE-2013-1360

An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.

Vulnerability category: BypassGain privilege

Published 2020-02-11 16:15:12

Updated 2020-02-13 14:12:06

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-1360

Probability of exploitation activity in the next 30 days: 16.65%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-1360

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	nvd@nist.gov
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2013-1360

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-1360

http://www.securityfocus.com/bid/57446

Multiple SonicWALL Products CVE-2013-1360 Authentication Bypass Vulnerability
Third Party Advisory;VDB Entry
https://packetstormsecurity.com/files/cve/CVE-2013-1360

CVE-2013-1360 ≈ Packet Storm
Third Party Advisory;VDB Entry
http://www.exploit-db.com/exploits/24203

SonicWALL GMS/Viewpoint/Analyzer - Authentication Bypass - Multiple webapps Exploit
Exploit;Third Party Advisory;VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/81366

DELL SonicWALL GMS/Analyzer/ViewPoint interface security bypass CVE-2013-1360 Vulnerability Report
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1028007

SonicWALL Global Management System Lets Remote Users Bypass Authentication - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url

Products affected by CVE-2013-1360

Sonicwall » Analyzer » Version: 7.0
cpe:2.3:a:sonicwall:analyzer:7.0:*:*:*:*:*:*:*
Matching versions
Sonicwall » Global Management System » Version: 4.1
cpe:2.3:a:sonicwall:global_management_system:4.1:*:*:*:*:*:*:*
Matching versions
Sonicwall » Global Management System » Version: 5.0
cpe:2.3:a:sonicwall:global_management_system:5.0:*:*:*:*:*:*:*
Matching versions
Sonicwall » Global Management System » Version: 5.1
cpe:2.3:a:sonicwall:global_management_system:5.1:*:*:*:*:*:*:*
Matching versions
Sonicwall » Global Management System » Version: 6.0
cpe:2.3:a:sonicwall:global_management_system:6.0:*:*:*:*:*:*:*
Matching versions
Sonicwall » Global Management System » Version: 7.0
cpe:2.3:a:sonicwall:global_management_system:7.0:*:*:*:*:*:*:*
Matching versions
Sonicwall » Universal Management Appliance » Version: 5.1
cpe:2.3:a:sonicwall:universal_management_appliance:5.1:*:*:*:*:*:*:*
Matching versions
Sonicwall » Universal Management Appliance » Version: 6.0
cpe:2.3:a:sonicwall:universal_management_appliance:6.0:*:*:*:*:*:*:*
Matching versions
Sonicwall » Universal Management Appliance » Version: 7.0
cpe:2.3:a:sonicwall:universal_management_appliance:7.0:*:*:*:*:*:*:*
Matching versions
Sonicwall » Viewpoint » Version: 4.1
cpe:2.3:a:sonicwall:viewpoint:4.1:*:*:*:*:*:*:*
Matching versions
Sonicwall » Viewpoint » Version: 5.0
cpe:2.3:a:sonicwall:viewpoint:5.0:*:*:*:*:*:*:*
Matching versions
Sonicwall » Viewpoint » Version: 6.0
cpe:2.3:a:sonicwall:viewpoint:6.0:*:*:*:*:*:*:*
Matching versions