PT-2020-7344 · Dell · Sonicwall Global Management System+3

Nikolas Sotiriu · Published 2020-02-11 · Updated 2020-02-14 · CVE-2013-1359

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:
DELL SonicWALL Analyzer version 7.0
DELL SonicWALL Global Management System (GMS) versions 4.1 through 7.0
DELL SonicWALL Universal Management Appliance (UMA) versions 5.1 through 7.0
DELL SonicWALL ViewPoint versions 4.1 through 6.0

Description: An Authentication Bypass issue exists, allowing a remote malicious user to obtain access to the root account via the skipSessionCheck parameter to the "/appliance/" interface.

Recommendations:
For DELL SonicWALL Analyzer version 7.0, avoid using the skipSessionCheck parameter in the "/appliance/" interface until the issue is resolved.
For DELL SonicWALL Global Management System (GMS) versions 4.1 through 7.0, restrict access to the UMA interface to minimize the risk of exploitation.
For DELL SonicWALL Universal Management Appliance (UMA) versions 5.1 through 7.0, consider disabling the /appliance/ interface until a patch is available.
For DELL SonicWALL ViewPoint versions 4.1 through 6.0, restrict access to the /appliance/ interface to minimize the risk of exploitation.
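
Alongside restricting access, it helps to check whether the parameter has already appeared in traffic to the interface. The following is an added example, not code from this advisory or from Dell: it scans web access logs for requests to /appliance/ that carry skipSessionCheck in the query string. The log format, the sample lines, the page names under /appliance/, and the names `flag_requests` and `SAMPLE_LOG` are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote

# Assumption: the web tier writes common/combined log format lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
PREFIX = "/appliance/"      # interface named in the description
PARAM = "skipsessioncheck"  # parameter named in the description, lowercased

def flag_requests(lines):
    """Return one record per logged request to /appliance/ whose query
    string carries skipSessionCheck, whatever its value."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if m is None:
            continue  # not a request line this pattern can parse
        raw_path, _, query = m["target"].partition("?")
        # Decode and normalise so percent-encoded, doubled-slash or
        # mixed-case spellings of the path still match (deliberately broad).
        path = re.sub(r"/+", "/", unquote(raw_path)).lower()
        if not path.startswith(PREFIX):
            continue
        # parse_qsl percent-decodes parameter names.
        names = {k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)}
        if PARAM in names:
            hits.append({"line": number, "ip": m["ip"], "time": m["ts"],
                         "method": m["method"], "status": int(m["status"])})
    return hits

# Constructed sample log: documentation IP ranges, placeholder pages and values.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Feb/2020:10:00:01 +0000] "GET /appliance/index?lang=en HTTP/1.1" 200 512',
    '198.51.100.7 - - [11/Feb/2020:10:00:05 +0000] "GET /appliance/index?skipSessionCheck=PLACEHOLDER HTTP/1.1" 200 2048',
    '198.51.100.7 - - [11/Feb/2020:10:00:09 +0000] "POST //Appliance/index?a=b&skipSessionChec%6B=PLACEHOLDER HTTP/1.1" 302 0',
    '203.0.113.5 - - [11/Feb/2020:10:01:00 +0000] "GET /help?skipSessionCheck=PLACEHOLDER HTTP/1.1" 404 0',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the query string, so a parameter sent in a request body would not appear here; a reverse proxy or WAF rule on the same path and parameter name covers that case.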

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2013-1359

Affected Products

Sonicwall Analyzer
Sonicwall Global Management System
Sonicwall Universal Management Appliance
Sonicwall Viewpoint