Dell has patched several critical flaws in its central management system for SonicWALL enterprise security appliances, such as firewalls and VPN gateways.
If left unfixed, the vulnerabilities allow remote, unauthenticated attackers to gain full control of SonicWALL Global Management System (GMS) deployments and the devices managed through those systems.
The SonicWALL GMS virtual appliance software has six vulnerabilities, four of which are rated critical, according to researchers from security firm Digital Defense.
First, unauthenticated attackers could inject arbitrary commands through the system's web interface that would be executed with root privileges. This is possible through two vulnerable methods: set_time_config and set_dns.
Another issue is a hidden default account with a weak, guessable password. This account can be used from the command line to add new non-administrative users. However, non-administrative users created in this way can change the password for the admin account through the web interface, essentially gaining administrative privileges, the Digital Defense researchers said in an advisory.
Another critical issue is an XML External Entity Injection (XXE) flaw in the GMC Service. An unauthenticated attacker can exploit this flaw to extract encrypted credentials, the IP address, and port number for the GMS cluster database and then use an obtainable static key to decrypt and change the admin password.
"An attacker can gain full compromise of the GMS interface and all attached SonicWALL appliances, arbitrary file retrieval with root privileges, and denial of service," the researchers said.
Dell has released Hotfix 174525 for Dell SonicWALL GMS and Analyzer version 8.0 and 8.1. The hotfix can be downloaded by customers through the mysonicwall.com website after logging in with their accounts.