Dell’s computers are not often troubled by security mishaps, but they are not invulnerable to flaws.
Cybersecurity firm Digital Defense has recently found holes in the fabric of the company’s enterprise software tool.
The San Antonio-based provider of managed security risk assessment solutions uncovered not one, but six vulnerabilities in Dell’s SonicWall Global Management System (GMS), and the tech giant was quick to act on them.
A new update for the specialized software has since been rolled out for Dell machines to remove the vulnerabilities.
What exactly were the flaws, said to be critical enough that an entire company could have been brought down had cybercriminals been able to exploit them?
The SonicWALL Platform
What is the purpose of Dell’s GMS? It gives businesses and enterprise users control over connected devices from a central system within an internally established network.
Left unfixed, the software vulnerabilities give unauthorized parties easy access.
Attackers can totally compromise the GMS interface and affect all SonicWALL security appliances, retrieve arbitrary files with root privileges, and cause a denial of service.
Hackers can exploit these vulnerabilities to crack a computer’s password manager almost effortlessly using a hidden default account.
The bottom line? The vulnerabilities can transfer total control of the SonicWALL deployments to an attacker.
That’s not the worst part. Not only does the attacker take over the affected PC, but they can also work their way through all devices managed under all systems on the network.
Four out of the six vulnerabilities in the SonicWALL virtual appliance software were rated as critical by the Digital Defense researchers.
Dell issued the latest patch for its specialized software to address vulnerabilities involving command injection, a default account, unauthorized XXE, and unauthorized modification of the virtual appliance’s networking information.
How can Dell systems be gravely affected by the flaws?
First, an attacker can inject arbitrary commands by way of the GMS web interface.
These commands would be executed with root privileges, and the injection is made possible by the set_time_config and set_dns vulnerabilities.
If the attacker uses these security vulnerabilities, a reverse root shell is obtained on the software.
This enables them to compromise credentials in the database, change the password, and lock the GMS administrator out of the interface.
Thus, the attacker will have absolute control over the virtual appliance.
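The command injection class described above comes from pasting a request value into a shell command line. The following is an added example, not code from GMS or from Digital Defense: the helper path, function names and sample values are hypothetical, and it shows the unsafe pattern next to a handler that accepts only an IP literal and builds an argv list that no shell ever parses.

```python
import ipaddress
import shlex

# Placeholder path for a hypothetical privileged helper; not a real GMS binary.
RESOLVER_TOOL = "/usr/local/bin/apply-dns"
SHELL_OPERATORS = set("();<>|&")


def unsafe_dns_command(server: str) -> str:
    """'Before' pattern: the request value is pasted into a shell command line."""
    return f"{RESOLVER_TOOL} --server {server}"


def shell_control_operators(command: str) -> list[str]:
    """Return the control operators a POSIX shell would see in the string.

    Illustration only: this is not a filter, the fix is in safe_dns_argv().
    """
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return [tok for tok in lexer if tok and set(tok) <= SHELL_OPERATORS]


def safe_dns_argv(server: str) -> list[str]:
    """Accept only an IP literal and return an argv list for a shell-less exec."""
    try:
        addr = ipaddress.ip_address(server.strip())
    except ValueError:
        raise ValueError(f"rejected DNS server value: {server!r}") from None
    # Hand this list to subprocess.run(argv, shell=False); no shell parses it.
    return [RESOLVER_TOOL, "--server", str(addr)]


if __name__ == "__main__":
    # Constructed sample inputs: one well-formed, one carrying a separator.
    for value in ("10.0.0.53", "10.0.0.53; id"):
        operators = shell_control_operators(unsafe_dns_command(value))
        try:
            verdict = safe_dns_argv(value)
        except ValueError as exc:
            verdict = str(exc)
        print(f"{value!r}: shell operators={operators} hardened={verdict}")
```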
Another security issue is a hidden default account that comes with a weak password that can be easily guessed.
The account can then be utilized from the command line in order to add new users.
Though the newly added users would be non-administrative, the vulnerability allows the password of the admin account to be changed from within the web interface, which essentially grants complete administrative privileges to the new user.
The XXE, or XML External Entity injection, flaw is another of the vulnerabilities open to an attacker.
Encrypted credentials, as well as the IP address and GMS cluster database port number, can then be extracted.
Attackers can then decrypt the information using an obtainable static key and alter the administrator password.
Mike Cotton, Digital Defense VP of research and development, affirmed that the vulnerabilities were in the SonicWall GMS itself, which is typically the central nervous system that controls SonicWall devices.
Dell worked together with the firm’s U.S. patented risk assessment scanning process to eliminate the vulnerabilities.
Hotfix Rolled Out
Businesses that use the SonicWall GMS and Analyzer software tool for centralized reporting of VPNs and firewalls should have it updated by their employees or IT service providers since the software isn’t automatically patched.
To fix the vulnerabilities, Dell strongly recommends that existing users of SonicWALL GMS and Analyzer versions 8.0 and 8.1 apply the newly released Hotfix 174525.
It can be downloaded from the mysonicwall.com website after Dell users log in with their accounts.
From the MySonicWALL page, follow the path Downloads > Download Center, then choose GMS/Analyzer-Virtual Appliance or GMS/Analyzer-Windows under the “Software Type” drop-down menu.
After the discovery of these vulnerabilities in Dell’s system, it wouldn’t come as a surprise if various other tech companies likewise released new patches and device updates very soon.