SonicWall Multiple Products skipSessionCheck Authentication Bypass

2013-03-18T00:00:00
ID SAINT:1D818306CDCE9D06452355B580B07037
Type saint
Reporter SAINT Corporation
Modified 2013-03-18T00:00:00

Description

Added: 03/18/2013
CVE: CVE-2013-1359
BID: 57445
OSVDB: 89347

Background

Dell SonicWALL has several management and reporting solutions which provide a centralized architecture for creating and managing security policies, providing real-time monitoring and alerts, and delivering compliance and usage reports from a single management interface. These products include SonicWALL ViewPoint (being discontinued and replaced by SonicWALL Analyzer), Global Management System (GMS), and the Universal Management Appliance (UMA).

Problem

Various versions of Dell SonicWALL ViewPoint, Analyzer, GMS and UAM contain an error within the authentication mechanism of the web interface which can be exploited to bypass the authentication mechanism by setting the **skipSessionCheck** parameter to 1.

Resolution

Obtain HotFix 125076.77 from <http://www.mysonicwall.com> and apply the appropriate files for your product.

References

<http://secunia.com/advisories/51758/>

Limitations

This exploit was tested against SonicWALL GMS 7.0 SP1 on Windows Server 2003 SP2 English and Windows Server 2008 SP2 (with DEP OptOut). It was also tested against SonicWALL GMS Virtual Appliance 7.0 SP1 on SonicWALL Linux 2.6.23.8.

This exploit supports IPv6 on Windows platforms, but not on GMS Virtual Appliance platforms.

Platforms

Windows
Linux