Hjem > Cyber ​​Nyheder > Dell SonicWALL Email Security Platform Flaws Could Cause Sensitive Information Disclosure
CYBER NEWS

Dell SonicWALL Email Security Platform Mangler kan forårsage følsomme oplysninger

sårbarhed-stforum

Four previously unknown vulnerabilities were found in the Dell SonicWALL Email Security virtual appliance app by researchers at Digital Defense Inc. Forskerne opdaget fejlene samtidig udvikle nye revisionsmoduler for sin patenterede sårbarhed scanning teknologi. The flaws should be addressed immediately because of the easily accessible web interface on internet or intranet-connected application for the app. Endvidere, there’s a potential for unauthorized individuals to access sensitive information.

The Dell SonicWALL Email Security platform can be configured as a Mail Transfer Agent (MTA) or SMTP proxy and with spam protection, compliance scanning, anti-malware and anti-virus capabilities.

What’s the Impact of the Flaws in Dell SonicWALL Email Security platform?

If these vulnerabilities end up being exploited in the wild, worst case scenario is sensitive data disclosure of admin account password hash, arbitrary OS command execution and file deletion as ROOT. Til sidst, the scenario would end with complete compromise of the appliance.

Relaterede: Dell Tech Support snyd Peg på en Major Kundedata Misligholdelse

Heldigvis, Dell has already addressed the vulnerabilities in a rollup patch 8.3.2 for the SonicWALL Email Security platform. The patch has been available to customers since October 3, 2016.

Here is a short resume of all four vulnerabilities:

  • Authentication Bypass in DLoadReportsServlet
  • Indvirkning: Sensitive information disclosure including config files and the SHA1 password hash for the admin account.

  • Authenticated XML External Entity Injection in known_network_data_import.html
  • Indvirkning: videregivelse Information.

  • Authenticated Remote Command Execution in manage_ftpprofile.html
  • Indvirkning: Arbitrary OS command execution as root, full compromise of the virtual appliance.

  • Authenticated Arbitrary File Deletion in policy_dictionary.html
  • Indvirkning: Deletion of arbitrary files with root privileges, Servicenægtelse.

    Milena Dimitrova

    Milena Dimitrova

    En inspireret forfatter og indholdschef, der har været hos SensorsTechForum siden projektets start. En professionel med 10+ års erfaring med at skabe engagerende indhold. Fokuseret på brugernes privatliv og malware udvikling, hun tror stærkt på en verden, hvor cybersikkerhed spiller en central rolle. Hvis almindelig sund fornuft giver ingen mening, hun vil være der til at tage noter. Disse noter senere kan blive til artikler! Følg Milena @Milenyim

    Flere indlæg

    Følg mig:
    Twitter

    Efterlad en kommentar

    Din e-mail-adresse vil ikke blive offentliggjort. Krævede felter er markeret *

Del på Facebook Del
Loading ...
Del på Twitter Tweet
Loading ...
Del på Google Plus Del
Loading ...
Del på Linkedin Del
Loading ...
Del på Digg Del
Del på Reddit Del
Loading ...
Del på Stumbleupon Del
Loading ...