Dell SonicWALL has several management and reporting solutions which provide a centralized architecture for creating and managing security policies, providing real-time monitoring and alerts, and delivering compliance and usage reports from a single management interface. These products include SonicWALL ViewPoint (being discontinued and replaced by SonicWALL Analyzer), Global Management System (GMS), and the Universal Management Appliance (UMA).
Various versions of Dell SonicWALL ViewPoint, Analyzer, GMS and UAM contain an error within the authentication mechanism of the web interface which can be exploited to bypass the authentication mechanism by setting the
**skipSessionCheck** parameter to 1.
Obtain HotFix 125076.77 from <http://www.mysonicwall.com> and apply the appropriate files for your product.
This exploit was tested against SonicWALL GMS 7.0 SP1 on Windows Server 2003 SP2 English and Windows Server 2008 SP2 (with DEP OptOut). It was also tested against SonicWALL GMS Virtual Appliance 7.0 SP1 on SonicWALL Linux 188.8.131.52.
This exploit supports IPv6 on Windows platforms, but not on GMS Virtual Appliance platforms.