Home > Cyber News > Dell SonicWALL Email Security Platform Flaws Could Cause Sensitive Information Disclosure
CYBER NEWS

Dell SonicWALL Email Security Platform Flaws Could Cause Sensitive Information Disclosure

vulnerability-stforum

Four previously unknown vulnerabilities were found in the Dell SonicWALL Email Security virtual appliance app by researchers at Digital Defense Inc. The researchers detected the flaws while developing new audit modules for its patented vulnerability scanning technology. The flaws should be addressed immediately because of the easily accessible web interface on internet or intranet-connected application for the app. Furthermore, there’s a potential for unauthorized individuals to access sensitive information.

The Dell SonicWALL Email Security platform can be configured as a Mail Transfer Agent (MTA) or SMTP proxy and with spam protection, compliance scanning, anti-malware and anti-virus capabilities.

What’s the Impact of the Flaws in Dell SonicWALL Email Security platform?

If these vulnerabilities end up being exploited in the wild, worst case scenario is sensitive data disclosure of admin account password hash, arbitrary OS command execution and file deletion as ROOT. Eventually, the scenario would end with complete compromise of the appliance.

Related: Dell Tech Support Scams Point at a Major Customer Data Breach

Fortunately, Dell has already addressed the vulnerabilities in a rollup patch 8.3.2 for the SonicWALL Email Security platform. The patch has been available to customers since October 3, 2016.

Here is a short resume of all four vulnerabilities:

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree