===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2016.0117
              SonicWALL GMS and Analyzer Product Notification
                              5 December 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Dell SonicWALL GMS
                      Dell SonicWALL Analyzer
Operating System:     Windows
                      Network Appliance
Impact/Access:        Root Compromise      -- Remote/Unauthenticated
                      Cross-site Scripting -- Remote with User Interaction
                      Unauthorised Access  -- Unknown/Unspecified
Resolution:           Patch/Upgrade
Member content until: Wednesday, January 4 2017

OVERVIEW

        Vulnerabilities have been identified in Dell SonicWALL GMS,
        Analyzer, and UMA prior to version 8.0, 8.1 and earlier. [1-2]

IMPACT

        The vendor has provided the following details regarding this
        vulnerability:

        "Vulnerabilities were found pertaining to input validation/filter
        bypass, SQL Injection, XSS, and Adobe Flex bypass." [1-2]

MITIGATION

        To fix these vulnerabilities, SonicWall recommends that existing
        users of SonicWALL GMS and Analyzer upgrade to GMS/Analyzer 8.2.

REFERENCES

        [1] SonicWALL Analyzer Product Notification
            https://support.sonicwall.com/product-notification/215257?productName=SonicWALL%20Analyzer

        [2] SonicWALL GMS Product Notification
            https://support.sonicwall.com/product-notification/215257?productName=SonicWALL%20GMS

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================