GMS/Analyzer Hotfix for Code Execution Vulnerabilities: "ZDI-CAN-3137" and "ZDI-CAN-3037"
03/26/2020
Hotfix #168056 addresses the following vulnerabilities:
- ZDI-CAN-3037: Dell SonicWall GMS/Analyzer Virtual Appliance Multiple Remote Code Execution Vulnerabilities.
- ZDI-CAN-3137: Dell SonicWall GMS/Analyzer Virtual Appliance Deserialization of Untrusted Data Remote Code Execution Vulnerability.
ZDI-CAN-3037: Fields in the web application are vulnerable to command injection.
ZDI-CAN-3137: The appliance has a port that is vulnerable to arbitrary XML input.
The hotfix is available in the Free Downloads section of the Download Center when you are logged in to your MySonicWall.com account.
To install the Hotfix, perform the following steps:
- Log in to the UMH System Management Interface (/appliance) of your appliance, then navigate to the System > Settings page.
- Click Choose File, and then select the Hotfix file that was downloaded from MySonicWall.com.
- Click Apply. The appliance automatically restarts after the upgrade is completed.
*Note: This hotfix must be applied to all systems in a GMS/Analyzer/UMA deployment.