SonicWall Service Bulletin: GMS/Analyzer Vulnerabilities - November 2016

Vulnerabilities in the SonicWALL GMS and Analyzer have been resolved.

Affected Products

SonicWALL GMS and Analyzer

Affected Software Versions

Versions 8.0 and 8.1

Issue Summary

Vulnerabilities were found pertaining to input validation/filter bypass, SQL Injection, XSS, and Adobe Flex bypass.

To fix these vulnerabilities, SonicWall recommends that existing users of SonicWALL GMS and Analyzer upgrade to GMS/Analyzer 8.2.

GMS/Analyzer 8.2 is available for download from https://www.mysonicwall.com. Users should log into MySonicWALL and click on Downloads > Download Center in the navigation panel on the left, then select GMS/Analyzer – Virtual Appliance or GMS/Analyzer – Windows in the Software Type drop down menu. Please see the Release Note for this release for detailed installation procedures.

Reported by

Vulnerability Labs (VL-ID-1819, input validation/filter bypass)

Zero Day Initiative (ZDI-CAN-3748, SQL Injection)

Zero Science Lab (VR-2016-01-C0V, SQL Injection; VR-2016-01-C1D, XSS; VR-2016-01-C1F, Adobe Flex Bypass)

Tenable Network Security (Remote Privilege Escalation)

Additional Information

Please contact SonicWALL Support https://support.sonicwall.com/sonicwall-gms/software