Skip to main content

Dell just patched a nasty bug that might have left your work PC exposed

dell xps 12 review ultrabook carbon fiber lid logo
Dell recently distributed a hotfix that addresses vulnerabilities found in the Dell SonicWALL Global Management System (GMS) and SonicWALL Analyzer, versions 8.0 and 8.1. Both solutions are typically installed on PCs distributed in corporations and businesses, the former of which is used to manage, report, and monitor SonicWALL appliances like SSL VPNs and firewalls. Analyzer provides web-based network traffic analysis and reporting tools.

“Vulnerabilities were found pertaining to command injection, unauthorized XXE, default account, and unauthorized modification of virtual appliance networking information,” the company states. “To fix these vulnerabilities, Dell highly recommends that existing users of Dell SonicWALL GMS and Analyzer Hotfix 174525.”

The vulnerabilities in Dell’s two SonicWALL solutions were uncovered by Digital Defense Incorporated. This company was founded in 1999, and provides managed security assessment solutions for small businesses and Fortune companies alike in over 65 countries. The firm actually discovered up to six vulnerabilities just in Dell’s SonicWALL GMS service alone.

According to the security firm, the vulnerabilities include unauthenticated remote command execution with root privileges, a hidden default account with an easily guessable password, an unauthenticated XML External Entity (XXE) injection in the GMC service, an unauthenticated XML External Entity (XXE) injection via a crafted AMF message, and unauthenticated network configuration changes via the GMC service.

For instance, if the attacker uses the command injection vulnerability, the crafty individual can gain a reverse root shell on the virtual appliance. This enables the attacker to grab database credentials and change the password, preventing the administrator of the GMS to access the interface and giving the attacker full control over the virtual appliance.

As for the hidden account, this can be used to add non-administrative users through the CLI Client made available to download through the GMS web application. These users can then log onto the web interfaces and change the administrator’s password. Their privileges can thus be elevated by logging out and logging back in as administrator with a new password. That means full control of the GMS interface and all connected SonicWALL appliances.

As for some of the other vulnerabilities, hackers could use XXE injection to retrieve encrypted database credentials and IP addresses, and use a static key to decrypt and change the administrator’s password. XXE injection could also be used to retrieve the current MD5 password hash for the administrator of the virtual appliance. The last several hashed passwords for the administrator can be obtained too.

“Users who are unable to apply patches to the affected systems can attempt to mitigate some of the risk posed by these exploit vectors by limiting access to the network services of their SonicWALL GMS appliances to restricted-access internal network segments or dedicated VLANs,” the firm reports.

Top get the hotfix from Dell, customers can simply download it from here. Just log onto MySonicWALL, click on “Downloads” and then “Download Center” in the navigation panel on the left. After that, choose “GMS / Analyzer – Virtual Appliance” or “GMS / Analyzer – Windows” in the drop down menu labeled “Software Type.” After that, follow the release notes for detailed instructions on how to install the hotfix.

For a detailed accounting of each vulnerability that’s now patched by Dell, check out Digital Defense’s blog right here.

Editors' Recommendations

MacGPT: how to use ChatGPT on your Mac
The MacGPT app for macOS Monterey and Ventura.

Apple might not officially be in the AI space, but a developer has created a legitimate way to bring ChatGPT to macOS and make the chatbot accessible from your menu bar.

The aptly named MacGPT is an application developed by Jordi Bruin that allows you to install ChatGPT as a remote browser on your Mac desktop. The application has been available since the 2022 holiday season and has garnered over 370 ratings, many of which are five stars. MacGPT is currently free, however, Bruin accepts donations. Once out of beta, he will make MacGPT available at the App Store, where it will sell for $5.

Read more
Grammarly’s new ChatGPT-like AI generator can do a lot more than proofread your writing
GrammarlyGO's Rewrite for Length feature is shown.

Grammarly, one of the biggest names in writing tools, is adding AI-generated text to its repertoire on the heels of the wild popularity of ChatGPT. Known as GrammarlyGO, this new tool is focused on improving writing rather than replacing the writer.

GrammarlyGO will roll out in beta form to existing users in April. All tiers, including developers, business, education, and premium users, will have access. You can even use GrammarlyGO with a free account.

Read more
Windows 10 Home vs. Pro vs. S mode: What’s the difference?
dell xps 15 2 in 1 review version 1522861390 front display

Windows 10 still holds its own, despite Windows 11 being worth the upgrade. It has many of the same features as its younger sibling, and with some applications, it still performs better. But if you plan to install Windows 10 on a new computer, you'll need to pick from one of the many options of Windows 10 to install.

Should you install Windows 10 Home? Windows 10 Pro? What about S Mode? In this guide to Windows 10, we'll break down the most popular versions and why one or the other might be best for you.
Windows 10 Home vs. Pro vs. S mode features
It can be challenging to work through all the Windows 10 versions to decide which one is right for your needs. All three mainstream versions are on this list and should give you the best choices for general computing or school. 

Read more