Products
- Network Security
  - Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
  - Security ServicesComprehensive security for your network security solution
  - Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
  - Capture ATPMulti-engine advanced threat detection
  - Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
  - Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
  - Secure Mobile AccessRemote, best-in-class, secure access
  - Wireless Access PointsEasy to manage, fast and secure Wi-FI
  - SwitchesHigh-speed network switching for business connectivity
- Email Security
  - Email SecurityProtect against today’s advanced email threats
- Cloud Security
  - Cloud App SecurityVisibility and security for Cloud Apps
  - Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
  - Capture ClientStop advanced threats and rollback the damage caused by malware
  - Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
  - Product Menu Right Image
  - Capture Cloud Platform
    Capture Cloud Platform
    A security ecosystem to harness the power of the cloud
- Button Widgets
  - Products A-Z
    all products A–Z FREE TRIALS
Solutions
- Industries
- Use Cases
- Solutions Widgets
  - Solutions Content Widgets
    Federal
    Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
  - Solutions Image Widgets
Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
  - Custom HTML : Partners Content WIdgets
    Partner Portal
    Access to deal registration, MDF, sales and marketing tools, training and more
  - Partners Image Widgets
Support
- Support
- Resources
- Capture Labs
- Support Widget
  - Custom HTML : Support Content WIdgets
    Support Portal
    Find answers to your questions by searching across our knowledgebase, community, technical documentation and video tutorials
  - Support Image Widgets
COMPANY
PROMOTIONS
- SonicWall Promotions
- Customer Loyalty Program
MANAGED SERVICES
Contact Sales

English English en

Support

Support on SonicWall Products, Services and Solutions

Browse Knowledgebase by Category

Capture Security Center

Management and Reporting

GMS/Analyzer Hotfix for Code Execution Vulnerabilities: "ZDI-CAN-3137" and "ZDI-CAN-3037"

03/26/2020 1044 11858

DESCRIPTION:

Hotfix# 168056 Addresses the following vulnerabilities:

ZDI-CAN-3037: Dell SonicWall GMS/Analyzer Virtual Appliance Multiple Remote Code Execution Vulnerabilities.
ZDI-CAN-3137: Dell SonicWall GMS/Analyzer Virtual Appliance Deserialization of Untrusted Data Remote Code Execution Vulnerability.

CAUSE:

ZDI-CAN-3037: Fields in webapp are vulnerable to command injection

ZDI-CAN-3137: The appliance has a port that is vulnerable to arbitrary XML input

RESOLUTION:

The hotfix is available in the Free Downloads section of the Download Center when logged in your MySonicWall.com account.

To install the Hotfix, perform the following steps:

Log in to the UMH System Management Interface (/appliance) of your appliance, then navigate to the System>Settings page.
Click Choose File, and then select the Hotfix file that was downloaded from MySonicWall.com.
Click Apply. The appliance automatically restarts after the upgrade is completed.

*Note: This hotfix must be applied to all systems in a GMS/Analyzer/UMA deployment.

Stay In Touch

Email Address*
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
Country
Company
States
Dnb- ZIP
Dnb- Phone
elqCampaignId
elqTrackId
utm_campaign
utm_medium
utm_source
utm_term
utm_content
gclid
sfdc_campaign_id
DnB - Address
DnB - First Name
DnB - Last Name
DnB - Duns
DnB - Global Ult (HQ) DUNS
DnB - Global Ult (HQ) Company
DnB - Employee Count
DnB - Trade Name
DnB - Currency
DnB - Vanity Title
DnB - Country
DnB - State
DnB - Zip
DnB - City
DnB - Global Employee Count
DnB - SIC Code
DnB - SIC Description
DnB - NAICS Code
DnB - NAICS Description
DnB - Revenue
DnB - Domain
DnB - Business Phone
DnB - Company
DnB - DataSource
DnB - DMACode
DnB - EmployeeRange
DnB - Fortune1000
DnB - Fortune200
DnB - Industry
DnB - Postal Code
DnB - PrimarySIC
DnB - SubIndustry
DnB - PrimaryNAICS
DnB - StockTicker
DnB - Revenue Range
DnB - State or Province
DnB - Website
Name
This field is for validation purposes and should be left unchanged.

Capture Cloud Platform

Federal

Partner Portal

Support Portal

Capture Cloud Platform

Federal

Partner Portal

Support Portal

GMS/Analyzer Hotfix for Code Execution Vulnerabilities: "ZDI-CAN-3137" and "ZDI-CAN-3037"

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Not Finding Your Answer?

Stay In Touch

GMS/Analyzer Hotfix for Code Execution Vulnerabilities: "ZDI-CAN-3137" and "ZDI-CAN-3037"

Categories

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Not Finding Your Answer?

Stay In Touch