CVE-2013-1360
published 2020-02-11CVE-2013-1360: An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management…
PriorityP178critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
23.21%
97.5th percentile
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | analyzer | — | — |
| sonicwall | global_management_system | — | — |
| sonicwall | global_management_system | — | — |
| sonicwall | global_management_system | — | — |
| sonicwall | global_management_system | — | — |
| sonicwall | global_management_system | — | — |
| sonicwall | gms | — | — |
| sonicwall | universal_management_appliance | — | — |
| sonicwall | universal_management_appliance | — | — |
| sonicwall | universal_management_appliance | — | — |
| sonicwall | viewpoint | — | — |
| sonicwall | viewpoint | — | — |
| sonicwall | viewpoint | — | — |
Detection & IOCsextracted from sources · hover to see the quote
urlhttp://host/sgms/auth?clientHash=765c5e5b571050030b63666663383064663833761376339303932346163656262&clientHash2=03196ba18cffc80df87a7c90924acebb&changePassword=1&user=admin&ctlSGMSDomainId=DMN0000000000000000000000001↗
- →Detect unauthenticated GET/POST requests to /sgms/auth containing the parameters 'clientHash', 'clientHash2', 'changePassword=1', and 'user=admin' — this is the exact authentication bypass request pattern for CVE-2013-1360. ↗
- →Alert on HTTP requests to /sgms/auth that include the query parameter 'changePassword=1' from unauthenticated sessions, as this triggers the broken session handling in the password change process. ↗
- →Monitor for the specific clientHash value '765c5e5b571050030b63666663383064663837613763393039323461636562' and clientHash2 value '03196ba18cffc80df87a7c90924acebb' in HTTP request parameters targeting /sgms/auth. ↗
- →Monitor for the ctlSGMSDomainId parameter value 'DMN0000000000000000000000001' in requests to /sgms/auth, which is characteristic of the PoC exploit for this bypass. ↗
- ·The authentication bypass may require a follow-up step: after the initial crafted request, the attacker may need to submit any arbitrary password twice in the change-password dialog to complete the login, and then access /sgms/auth again. Detection logic should account for this two-step sequence. ↗
- ·The vulnerability grants full administrative access to all managed appliances under GMS/Analyzer/UMA/ViewPoint, meaning a successful exploit could result in complete compromise of all downstream managed SonicWALL devices — scope of impact extends beyond the GMS host itself. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
SonicWall
CVE-2013-1360: An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Ma
vendor_sonicwall·2020-02-11·CVSS 9.8
CVE-2013-1360 [CRITICAL] CWE-287 CVE-2013-1360: An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Ma
CVE-2013-1360: An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.
GHSA
GHSA-2g63-6gwh-xmr7: An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4
ghsa_unreviewed·2022-05-05
CVE-2013-1360 [HIGH] GHSA-2g63-6gwh-xmr7: An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access.
No detection rules found.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.htmlhttp://www.exploit-db.com/exploits/24203http://www.securityfocus.com/bid/57446http://www.securitytracker.com/id/1028007https://exchange.xforce.ibmcloud.com/vulnerabilities/81366https://packetstormsecurity.com/files/cve/CVE-2013-1360http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.htmlhttp://www.exploit-db.com/exploits/24203http://www.securityfocus.com/bid/57446http://www.securitytracker.com/id/1028007https://exchange.xforce.ibmcloud.com/vulnerabilities/81366https://packetstormsecurity.com/files/cve/CVE-2013-1360
2020-02-11
Published