SonicWALL Products Two Security Bypass Vulnerabilities

Last Update Date: 21 Jan 2013 15:24 Release Date: 21 Jan 2013 4362 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Network Management

TYPE: Network Management

Multiple vulnerabilities have been identified in various SonicWALL products, which can be exploited by malicious people to bypass certain security restrictions.

  1. An error when handling request for changing users password can be exploited to change the administrator's password.
  2. An error within the authentication mechanism in the web interface can be exploited to bypass the authentication mechanism by setting the "skipSessionCheck" parameter to "1".

Impact

  • Security Restriction Bypass

System / Technologies affected

  • SonicWALL Analyzer 7.x
  • SonicWALL Global Management System 4.x
  • SonicWALL Global Management System 5.x
  • SonicWALL Global Management System 6.x
  • SonicWALL Global Management System 7.x
  • SonicWALL UMA EM5000 5.x
  • SonicWALL UMA EM5000 6.x
  • SonicWALL UMA EM5000 7.x
  • SonicWALL ViewPoint 4.x
  • SonicWALL ViewPoint 5.x
  • SonicWALL ViewPoint 6.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Apply Hotfix 125076.77

Vulnerability Identifier

Source

Related Link

Share with

Previous

Foxit Reader Plugin For Browsers URL Processing Buffer Overflow Vulnerability

9 Jan 2013 4996 Views

Next

Lenovo ThinkPad Bluetooth with Enhanced Data Rate Software Insecure Library Loading Vulnerability

23 Jan 2013 4392 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY