Software Integrity

 

Dell patches software ‘backdoor’ in SonicWALL Global Management

Six software vulnerabilities, some critical, in Dell’s SonicWALL Global Management have been patched.

An advisory last week from Digital Defense disclosed six vulnerabilities in the Dell SonicWALL Global Management System (GMS). The vulnerabilities include command injection, unauthorized XXE, a default account, and unauthorized modification of virtual appliance networking information. GMS is used by enterprise organizations to centrally monitor and manage an array of networked security devices, including virtual private networking (VPN) appliances and firewalls.

Dell, in an email to ZDNet, said: “The recent situation raised by Digital Defense, Inc. is related to six vulnerabilities in the Dell SonicWALL Global Management System (GMS), which could allow an attacker control of the software and connected appliances. Unlike intentional “backdoors,” these were software flaws that could allow users to enter the system. Upon learning of the situation, SonicWALL immediately issued patches to the affected versions of the GMS software and there is no evidence to suggest the flaws have been actively exploited by attackers.”

Dell recommends that affected users download the GMS/Analyzer/UMA Hotfix 174525.