CVE-2013-1360
Description
An authentication bypass in SonicWALL GMS, Analyzer, UMA, and ViewPoint allows a remote attacker to gain admin access via a crafted request to the /sgms/ interface.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An authentication bypass vulnerability exists in the Dell SonicWALL Global Management System (GMS) versions 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0, and ViewPoint versions 4.1, 5.0, and 6.0. The flaw resides in the /sgms/ interface and is triggered by a crafted request, allowing a remote unauthenticated attacker to bypass authentication controls [1][2].
Exploitation
An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the /sgms/ endpoint of an affected SonicWALL GMS, Analyzer, UMA, or ViewPoint installation. No prior authentication or special network position is required beyond network access to the management interface [1][2].
Impact
Successful exploitation grants the attacker administrative access to the affected management system. This can lead to full compromise of the managed SonicWALL devices, including the ability to read and modify configuration, deploy malicious policies, and gain further network access [1][2].
Mitigation
The available references do not describe a publicly released fix from Dell SonicWALL for CVE-2013-1360, and they provide no workaround. Users should restrict network access to the /sgms/ interface to trusted IP addresses only, and consider upgrading to the latest supported versions if available [1][2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- DELL SonicWALL/Global Management System
- Range: = 5.1, 6.0, 7.0
- Range: = 4.1, 5.0, 5.1, 6.0, 7.0
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- archives.neohapsis.com/archives/bugtraq/2013-01/0075.html (mitre, x_refsource_MISC)
- www.exploit-db.com/exploits/24203 (mitre, x_refsource_MISC)
- www.securityfocus.com/bid/57446 (mitre, x_refsource_MISC)
- www.securitytracker.com/id/1028007 (mitre, x_refsource_MISC)
- exchange.xforce.ibmcloud.com/vulnerabilities/81366 (mitre, x_refsource_MISC)
- packetstormsecurity.com/files/cve/CVE-2013-1360 (mitre, x_refsource_MISC)
News mentions
No linked articles in our index yet.