SonicWall Service Bulletin: GMS/Analyzer Vulnerabilities - November 2016
Vulnerabilities in the SonicWALL GMS and Analyzer have been resolved.
SonicWALL GMS and Analyzer
Affected Software Versions
Versions 8.0 and 8.1
Vulnerabilities were found pertaining to input validation/filter bypass, SQL Injection, XSS, and Adobe Flex bypass.
To fix these vulnerabilities, SonicWall recommends that existing users of SonicWALL GMS and Analyzer upgrade to GMS/Analyzer 8.2.
GMS/Analyzer 8.2 is available for download from https://www.mysonicwall.com. Users should log into MySonicWALL and click on Downloads > Download Center in the navigation panel on the left, then select GMS/Analyzer – Virtual Appliance or GMS/Analyzer – Windows in the Software Type drop down menu. Please see the Release Note for this release for detailed installation procedures.
Vulnerability Labs (VL-ID-1819, input validation/filter bypass)
Zero Day Initiative (ZDI-CAN-3748, SQL Injection)
Zero Science Lab (VR-2016-01-C0V, SQL Injection; VR-2016-01-C1D, XSS; VR-2016-01-C1F, Adobe Flex Bypass)
Tenable Network Security (Remote Privilege Escalation)
Please contact SonicWALL Support https://support.sonicwall.com/sonicwall-gms/software