ID

VAR-202002-0533


CVE

CVE-2013-1360


TITLE

Authentication vulnerabilities in multiple SonicWALL products

Trust: 0.8

sources: JVNDB: JVNDB-2013-007212

DESCRIPTION

An authentication bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0, and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access. Multiple SonicWALL products contain an authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Attackers can exploit this issue to gain administrative access to the web interface, which could fully compromise the system. The following versions are affected: GMS/Analyzer/UMA 7.0.x, GMS/ViewPoint/UMA 6.0.x, GMS/ViewPoint/UMA 5.1.x, GMS/ViewPoint 5.0.x, GMS/ViewPoint 4.1.x. SonicWALL is a full-featured Internet security appliance designed specifically for large networks with ever-growing VPN needs. Authorization vulnerabilities exist in several DELL SonicWALL products.

Trust: 1.98

sources: NVD: CVE-2013-1360 // JVNDB: JVNDB-2013-007212 // BID: 57446 // VULHUB: VHN-61362

AFFECTED PRODUCTS

vendor: sonicwall, model: analyzer, scope: eq, version: 7.0

Trust: 1.8

vendor: sonicwall, model: global management system, scope: eq, version: 4.1

Trust: 1.8

vendor: sonicwall, model: global management system, scope: eq, version: 5.0

Trust: 1.8

vendor: sonicwall, model: global management system, scope: eq, version: 5.1

Trust: 1.8

vendor: sonicwall, model: global management system, scope: eq, version: 6.0

Trust: 1.8

vendor: sonicwall, model: global management system, scope: eq, version: 7.0

Trust: 1.8

vendor: sonicwall, model: universal management appliance, scope: eq, version: 5.1

Trust: 1.8

vendor: sonicwall, model: universal management appliance, scope: eq, version: 6.0

Trust: 1.8

vendor: sonicwall, model: universal management appliance, scope: eq, version: 7.0

Trust: 1.8

vendor: sonicwall, model: viewpoint, scope: eq, version: 4.1

Trust: 1.8

vendor: sonicwall, model: viewpoint, scope: eq, version: 5.0

Trust: 1.8

vendor: sonicwall, model: viewpoint, scope: eq, version: 6.0

Trust: 1.8

sources: JVNDB: JVNDB-2013-007212 // NVD: CVE-2013-1360

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1360
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2013-007212
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201301-376
value: CRITICAL

Trust: 0.6

VULHUB: VHN-61362
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-1360
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2013-007212
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-61362
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2013-1360
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2013-007212
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-61362 // JVNDB: JVNDB-2013-007212 // CNNVD: CNNVD-201301-376 // NVD: CVE-2013-1360

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.9

sources: VULHUB: VHN-61362 // JVNDB: JVNDB-2013-007212 // NVD: CVE-2013-1360

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201301-376

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201301-376

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-007212

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-61362

PATCH

title: Top Page, url: https://www.sonicwall.com/

Trust: 0.8

title: Multiple SonicWALL Product verification bypass fixes, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108874

Trust: 0.6

sources: JVNDB: JVNDB-2013-007212 // CNNVD: CNNVD-201301-376

EXTERNAL IDS

db: NVD, id: CVE-2013-1360

Trust: 2.8

db: SECTRACK, id: 1028007

Trust: 2.5

db: BID, id: 57446

Trust: 2.0

db: EXPLOIT-DB, id: 24203

Trust: 1.7

db: JVNDB, id: JVNDB-2013-007212

Trust: 0.8

db: CNNVD, id: CNNVD-201301-376

Trust: 0.7

db: SEEBUG, id: SSVID-77936

Trust: 0.1

db: PACKETSTORM, id: 119639

Trust: 0.1

db: VULHUB, id: VHN-61362

Trust: 0.1

sources: VULHUB: VHN-61362 // BID: 57446 // JVNDB: JVNDB-2013-007212 // CNNVD: CNNVD-201301-376 // NVD: CVE-2013-1360

REFERENCES

url: http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html

Trust: 1.7

url: http://www.exploit-db.com/exploits/24203

Trust: 1.7

url: http://www.securityfocus.com/bid/57446

Trust: 1.7

url: http://www.securitytracker.com/id/1028007

Trust: 1.7

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/81366

Trust: 1.7

url: https://packetstormsecurity.com/files/cve/cve-2013-1360

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2013-1360

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1360

Trust: 0.8

url: https://securitytracker.com/id/1028007

Trust: 0.8

sources: VULHUB: VHN-61362 // JVNDB: JVNDB-2013-007212 // CNNVD: CNNVD-201301-376 // NVD: CVE-2013-1360

CREDITS

Nikolas Sotiriu

Trust: 0.9

sources: BID: 57446 // CNNVD: CNNVD-201301-376

SOURCES

db: VULHUB, id: VHN-61362
db: BID, id: 57446
db: JVNDB, id: JVNDB-2013-007212
db: CNNVD, id: CNNVD-201301-376
db: NVD, id: CVE-2013-1360

LAST UPDATE DATE

2024-08-14T14:03:58.863000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-61362, date: 2020-02-13T00:00:00
db: BID, id: 57446, date: 2013-01-17T00:00:00
db: JVNDB, id: JVNDB-2013-007212, date: 2020-02-27T00:00:00
db: CNNVD, id: CNNVD-201301-376, date: 2020-05-26T00:00:00
db: NVD, id: CVE-2013-1360, date: 2020-02-13T14:12:06.497

SOURCES RELEASE DATE

db: VULHUB, id: VHN-61362, date: 2020-02-11T00:00:00
db: BID, id: 57446, date: 2013-01-17T00:00:00
db: JVNDB, id: JVNDB-2013-007212, date: 2020-02-27T00:00:00
db: CNNVD, id: CNNVD-201301-376, date: 2013-01-21T00:00:00
db: NVD, id: CVE-2013-1360, date: 2020-02-11T16:15:12.227