Backdoor Fixed in Dell Security Line
Friday, July 22, 2016 @ 10:07 AM gHale
Dell issued patches for security issues with its SonicWall products, researchers said.
The issues are in the Dell SonicWALL Global Management System (GMS), a centralized management, reporting, and monitoring solution for SonicWALL appliances, such as the company’s VPNs and firewalls, said researchers at Digital Defense, Inc. (DDI), who found the six vulnerabilities.
One of the vulnerabilities could allow an attacker to take advantage of an easily guessable password in a hidden default account, DDI researchers said in a blog post.
“Using the command injection vulnerability, an attacker can gain a reverse root shell on the virtual appliance. Using this shell the attacker can obtain the database credentials from /opt/GMSVP/data/sgmsConfig.xml. The database username and password are encrypted with a static key in the TEAV class that is located in /opt/GMSVP/Tomcat/shared/lib/sharedUtil.jar,” the researchers said in a blog post. “Once the database credentials have been obtained, the admin password for the GMS management interface can be changed by logging into the sgmsdb database, and updating the PASSWORD column for ID=admin to a new hash value, such as 5f4dcc3b5aa765d61d8327deb882cf99 (password of “password”). Once the password for the admin user of the GMS interface has been obtained or changed, the attacker would gain control over all SonicWALL appliances being managed by the GMS appliance.”
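The hash quoted above is the unsalted MD5 of "password", so a defender can spot this kind of tampering by checking an export of the ID and PASSWORD columns against digests of known-weak passwords and against a previously recorded baseline. The following is an added example, not code from DDI, Dell or the original article; the function names, the word list, the baseline and the sample rows are constructed assumptions.

```python
import hashlib
import re

# Constructed sample of weak passwords; a real audit would use a larger list.
WEAK_PASSWORDS = ["password", "admin", "123456", "sonicwall", "changeme"]

MD5_HEX = re.compile(r"^[0-9a-f]{32}$")


def build_lookup(words):
    """Map unsalted MD5 hex digest -> plaintext for each candidate word."""
    return {hashlib.md5(w.encode("utf-8")).hexdigest(): w for w in words}


def audit_rows(rows, baseline=None, words=WEAK_PASSWORDS):
    """Return findings for (ID, PASSWORD) rows (hypothetical export format).

    rows     -- iterable of (account_id, password_hash) tuples
    baseline -- optional dict of account_id -> hash recorded at last review
    """
    lookup = build_lookup(words)
    baseline = baseline or {}
    findings = []
    for account_id, stored in rows:
        value = (stored or "").strip().lower()
        # An MD5-shaped value that matches a weak password is trivially reversible.
        if MD5_HEX.match(value) and value in lookup:
            findings.append((account_id, "weak-md5", lookup[value]))
        # Any drift from the recorded baseline deserves review, whatever the format.
        if account_id in baseline and baseline[account_id].lower() != value:
            findings.append((account_id, "hash-changed", None))
    return findings


# Constructed rows standing in for an export of the ID and PASSWORD columns.
SAMPLE_ROWS = [
    ("admin", "5f4dcc3b5aa765d61d8327deb882cf99"),
    ("operator", hashlib.md5(b"Xk9#constructed-strong-value").hexdigest()),
]
SAMPLE_BASELINE = {
    "admin": hashlib.md5(b"constructed-previous-admin-value").hexdigest(),
    "operator": SAMPLE_ROWS[1][1],
}

if __name__ == "__main__":
    for finding in audit_rows(SAMPLE_ROWS, SAMPLE_BASELINE):
        print(finding)
```

On the constructed sample, the admin row is flagged twice: once because its hash matches a weak password and once because it differs from the baseline.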
Researchers also found two unauthenticated root command injections that lead to RCE (remote code execution) with root privileges on Dell equipment.
In addition, they found two unauthenticated XML External Entity Injection (XXE) bugs and another issue that allowed unauthenticated network configuration changes.
Dell issued patches for the platform.