Dell patches gaping holes in its SonicWALL security software

Company was apparently 'extremely professional' in dealing with these flaws


Dell has just patched some serious flaws in its security solutions used on business PCs.

The six vulnerabilities are in SonicWALL GMS and SonicWALL Analyzer and affect versions 8.0 and 8.1 of these products respectively. They were found by security firm Digital Defense Incorporated, which brought them to Dell's attention and noted that the PC vendor had been "extremely professional" when it came to resolving the flaws.

In an advisory provided with the hotfix issued, Dell stated: "Vulnerabilities were found pertaining to command injection, unauthorized XXE, default account, and unauthorized modification of virtual appliance networking information.

"To fix these vulnerabilities, Dell highly recommends that existing users of Dell SonicWALL GMS and Analyzer [apply] Hotfix 174525."

Password pickle

One of the vulnerabilities involves an easily guessed password for a hidden default account (which NSA conspiracy theorists have, predictably enough, been pleased to hear about). When exploited, it could potentially give an attacker control over any device connected to the company network.

If you run the software in question, you should most definitely be addressing this issue right now.

Dell advises: "GMS/Analyzer/UMA Hotfix 174525 is available for download from https://www.mysonicwall.com.

"Users should log into MySonicWALL and click on Downloads > Download Center in the navigation panel on the left, then select GMS/Analyzer – Virtual Appliance or GMS/Analyzer – Windows in the Software Type drop down menu."

In other recent Dell news, the company advised that its PCs will be increasing in price to the tune of 10% thanks to the weakening of the pound against the dollar triggered by Brexit.

Via: Win Beta
