While developing new audit modules for the company’s vulnerability scanning technology, Digital Defense researchers found six vulnerabilities in Dell’s SonicWALL Global Management System, four of them deemed critical.
SonicWALL GMS is a central control, management, reporting, and monitoring solution for SonicWALL appliances such as SSL VPNs and firewalls. GMS is typically found deployed on internal networks, but external implementations are possible.
Among the flaws is one that should definitely not be there: a hidden default account with an easily guessable password (yes, you’ve guessed it: it’s “password”).
“This hidden account can be used to add non-administrative users via the CLI Client that can be downloaded from the Console interface of the SGMS web application. The non-administrative user can then log into the web interfaces and change the password for the admin user, elevating their privilege to that of the admin user upon logging out and back in as the admin user with the new password. This would grant the attacker full control of the SGMS interface and all attached SonicWALL appliances,” the researchers explained.
They also found three more user accounts with the same default password, but say that these accounts don’t have CLI access.
All but one of the remaining flaws can be exploited by an attacker to gain complete control of the GMS and of all appliances managed by it.
“The newly identified vulnerabilities require immediate attention due to the unauthenticated nature of exploitation available,” Digital Defense has pointed out.
Dell has confirmed the existence of the flaws, which affect versions 8.0 and 8.1 of the virtual appliance, and has provided patches to get rid of them.
“Users who are unable to apply patches to the affected systems can attempt to mitigate some of the risk posed by these exploit vectors by limiting access to the network services of their SonicWALL GMS appliances to restricted-access internal network segments or dedicated VLANs,” Digital Defense noted.
More technical details about the flaws and possible attack scenarios can be found here.