Dell has patched several critical flaws in its central management system for SonicWALL enterprise security appliances, such as firewalls and VPN gateways.
If left unfixed, the vulnerabilities allow remote, unauthenticated attackers to gain full control of SonicWALL Global Management System (GMS) deployments and the devices managed through those systems.
The SonicWALL GMS virtual appliance software has six vulnerabilities, four of which are rated critical, according to researchers from security firm Digital Defense.
First, unauthenticated attackers could inject arbitrary commands through the system’s web interface that would be executed with root privileges. This is possible through two vulnerable methods: set_time_config and set_dns.
Read more here:: IT news – Security