Intrusion Prevention

Multiple.SonicWALL.Products.Authentication.Bypass.Vulns

Description

SonicWALL provides VPN and Firewall hardware for Internet security solutions.
Two vulnerabilities exist in multiple SonicWALL products, which could allow remote attackers to obtain and modify sensitive information, as well as bypass the authentication mechanism.

Affected Products

SonicWALL Analyzer 7.x
SonicWALL Global Management System 4.x
SonicWALL Global Management System 5.x
SonicWALL Global Management System 6.x
SonicWALL Global Management System 7.x
SonicWALL UMA 5.x
SonicWALL UMA 6.x
SonicWALL UMA 7.x
SonicWALL ViewPoint 4.x
SonicWALL ViewPoint 5.x
SonicWALL ViewPoint 6.x

Impact

The vulnerability could allow remote attackers to obtain and modify sensitive information, as well as bypass the authentication mechanism.

Recommended Actions

Please apply Hotfix 125076.77 to fix the vulnerablity.
For more information, please refer to SonicWALL 5.0 Hotfix 125076.77 or SonicWALL 6.0 Hotfix 125076.77:
http://seclists.org/fulldisclosure/2013/Jan/125

CVE References

CVE-2013-1359