SonicWall Multiple Products skipSessionCheck Authentication Bypass

Added: 03/18/2013
CVE: CVE-2013-1359
BID: 57445
OSVDB: 89347


Dell SonicWALL has several management and reporting solutions which provide a centralized architecture for creating and managing security policies, providing real-time monitoring and alerts, and delivering compliance and usage reports from a single management interface. These products include SonicWALL ViewPoint (being discontinued and replaced by SonicWALL Analyzer), Global Management System (GMS), and the Universal Management Appliance (UMA).


Various versions of Dell SonicWALL ViewPoint, Analyzer, GMS and UAM contain an error within the authentication mechanism of the web interface which can be exploited to bypass the authentication mechanism by setting the skipSessionCheck parameter to 1.


Obtain HotFix 125076.77 from and apply the appropriate files for your product.



This exploit was tested against SonicWALL GMS 7.0 SP1 on Windows Server 2003 SP2 English and Windows Server 2008 SP2 (with DEP OptOut). It was also tested against SonicWALL GMS Virtual Appliance 7.0 SP1 on SonicWALL Linux

This exploit supports IPv6 on Windows platforms, but not on GMS Virtual Appliance platforms.



Back to exploit index