Some bad news for users of Dell’s SonicWALL security solution. Security researchers has identified six Vulnerabilities including a hidden ‘Backdoor’ in Dell’s SonicWALL Global Management System (GMS), Version 8.1 (Build: 8110.1197).
Dell SonicWALL security
Dell offers SonicWALL security as “Integrate hardware, software and services for best-of-breed security”. The solutions offered should secure organization’s systems, users and data with a deep level of protection that won’t compromise network performance. SonicWALL comes as wired and wireless security solutions. Security reserachers from digitaldefense.com has discovered six critical vulnerabilities in Dell SonicWALL Global Management System (GMS), Version 8.1 (Build: 8110.1197).
(SonicWALL Global Management System, Quelle: Dell)
SonicWALL GMS (Global Management System) is a central management, report and monitoring tool for all SonicWALL solutionen like Firewall, Email Security and Secure Remote Access.
Some vulnerabilities allows unauthorized root command injection via set_time_config and other methods. There are also hidden default account(s) with easily guessable passwords. Such a hidden account can be used, according to digitaldefense.com, to add non administrative users via the CLI Client that can be downloaded from the Console interface of the GMS web application. The non-administrative user can then log into the web interfaces and change the password for the admin user, elevating their privilege to that of the admin user upon logging out and back in as the admin user with the new password. This would grant the attacker full control of the GMS interface and all attached SonicWALL appliances. According to ZDNet.com Dell has confirmed the vulnerabilities in GMS version 8.0/8.1.
— SonicWALL Cares (@SonicWALLCares) 21. Juli 2016
According to this tweet from @SonicWALLCares (as an answer of my German blog post this night), a Dell SonicWALL GMS hotfix is available. Dell has also released a Security Advisory. The updates shall be available for download here.