Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2014.0135.2 A vulnerability in the Dell SonicWALL GMS, Analyzer, and UMA has been resolved 27 November 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Dell SonicWALL GMS Dell SonicWALL Analyzer Dell SonicWALL UMA Operating System: Network Appliance Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2014-8420 Member content until: Thursday, December 25 2014 Revision History: November 27 2014: Added CVE reference November 25 2014: Initial Release OVERVIEW A vulnerability has been identified in Dell SonicWALL GMS, Analyzer, and UMA 7.2 SP2 and earlier. [1] IMPACT The vendor has provided the following details regarding this vulnerability: "GMS, Analyzer, and UMA have remote code execution vulnerabilities. These vulnerabilities are exploitable only by the user who has access to the privileged login for the administrative/appliance interface to GMS." [1] MITIGATION The vendor recommends applying relevant patches or upgrading to the latest version of all affected products. [1] REFERENCES [1] GMS/Analyzer/UMA Remote Code Vulnerability Resolution, November 2014 https://support.software.dell.com/product-notification/136814 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVHZ6mRLndAQH1ShLAQIMlxAAqUFqCc+nXzUgb6tXKTsOrZLM3CztMHs9 9RgWLYPduh2v9lrZyl12CIUW9kPsk0P3HIKAmX8pCwsZx/9iEvlDRu5FlVKRoXqv R3/keSO7dmKe4KNRghlv+SUwSSpFuk0FgPrGzj0JTkCNPMcNdaB3NTxW6rwHjun6 hjZUW/f/tROMyBQkQ0KDN6Sv/Sia2mqkjKT/WwAiEHSQzsW5RnkRYzyPu3blS+YX nrFzFpoGt80dtGzib2rzRpPG/H95OsQf3NGINlbf4PkMaWpcqkbh9A1C2GStfKGv iepH75o3i734gA5ln3j4kAykDu/q/CMGCggbqnwqAYx0SdkCM4KVgpJ12Eh2zzKs oWdUC8xHwp8s2wMYM8CW48cge1SlNhdjSuMMpwG2tM5wrT+0Qh6qQM3RH0154HfB N8P01vqLNt8djXg9Yz5XHwuW8rm9a3499nFvgueMqnovVBYX3C2HGCvKEts7TDew h77UZL4Jl1Mb1KCmHNqXTroh/gs/r6WEKC/PonlS3kXSTipCvcCpwNbnVw3dsFvR 7czEMlztdQqYHnQmiKaaRUWbq8TDgXiGEjmI9mSkCzfDTHUiIbGcqihCY1DxTsTy kGevzgRFxVhaLLxwQPda7WZMmAfwcba+XfYWgzzqxOTCZzJ/1Rt085CsC+Ma1DvL 0w6PqsQ1eP0= =wfGM -----END PGP SIGNATURE-----