SonicWall GMS/Analyzer/UMA Command Injection and Arbitrary XML Input Vulnerabilities - January 2016

First Published: 01/25/2016 Last Updated: 12/20/2019

Vulnerabilities in the Dell SonicWALL GMS, Analyzer, and UMA have been resolved.

Affected Products

Dell SonicWALL GMS, Analyzer, and UMA EM5000

Affected Software Versions

Versions 7.2, 8.0, and 8.1.

Issue Summary

Fields in the web application were found to be vulnerable to command injection, and a port was found to be vulnerable to arbitrary XML input.

To fix these vulnerabilities, Dell recommends that existing users of Dell SonicWALL GMS, Analyzer, and UMA update their software by applying GMS/Analyzer/UMA Hotfix 168056.

GMS/Analyzer/UMA Hotfix 168056 is available for download from https://www.mysonicwall.com. Users should log in to MySonicWALL and click Downloads > Download Center in the navigation panel on the left, then select GMS/Analyzer – Virtual Appliance or GMS/Analyzer – Windows in the Software Type drop-down menu. See the Release Note for this Hotfix for detailed installation procedures.

Reported by

cpnrodzc7 working with HP's Zero Day Initiative and kernelsmith of HP Zero Day Initiative

Additional Information

Please contact Dell SonicWALL Global Support Services at https://support.sonicwall.com/manage-service-request