CVE-2013-1359

CRITICAL

Sonicwall Analyzer - Authentication Bypass

Title source: rule

Description

An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/24322
exploitdb WORKING POC
by Nikolas Sotiriu · perl · webapps · multiple
https://www.exploit-db.com/exploits/24204
metasploit WORKING POC EXCELLENT
by Nikolas Sotiriu · ruby · poc · java
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/sonicwall_gms_upload.rb

Scores

CVSS v3 9.8
EPSS 0.8947
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (12)
sonicwall/analyzer 7.0
sonicwall/global_management_system 4.1
sonicwall/global_management_system 5.0
sonicwall/global_management_system 5.1
sonicwall/global_management_system 6.0
sonicwall/global_management_system 7.0
sonicwall/universal_management_appliance 5.1
sonicwall/universal_management_appliance 6.0
sonicwall/universal_management_appliance 7.0
sonicwall/viewpoint 4.1
... and 2 more
Published Feb 11, 2020
Tracked Since Feb 18, 2026