CVE-2013-1360

CRITICAL

Sonicwall Analyzer - Authentication Bypass

Title source: rule

Description

An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.

Exploits (1)

exploitdb WORKING POC

by Nikolas Sotiriu · textwebappsmultiple

https://www.exploit-db.com/exploits/24203

View Code ZIP pw:eip

References (6)

[Broken Link] http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html

[Exploit, Third Party Advisory, VDB Entry] http://www.exploit-db.com/exploits/24203

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/57446

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1028007

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/81366

[Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/cve/CVE-2013-1360

Scores

CVSS v3 9.8

EPSS 0.5772

EPSS Percentile 98.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287

Status published

Products (12)

sonicwall/analyzer 7.0

sonicwall/global_management_system 4.1

sonicwall/global_management_system 5.0

sonicwall/global_management_system 5.1

sonicwall/global_management_system 6.0

sonicwall/global_management_system 7.0

sonicwall/universal_management_appliance 5.1

sonicwall/universal_management_appliance 6.0

sonicwall/universal_management_appliance 7.0

sonicwall/viewpoint 4.1

... and 2 more

Published Feb 11, 2020

Tracked Since Feb 18, 2026