Dell has patched several vulnerabilities in its SonicWALL Email Security product, including four high severity issues that can be exploited to take control of a system and intercept corporate emails.
Researchers at Digital Defense have analyzed the SonicWALL Email Security virtual appliance and discovered vulnerabilities that can lead to command injection, arbitrary file deletion, denial-of-service (DoS) and information disclosure.
According to the security firm, an unauthenticated attacker can easily access backup files, including a settings file that contains an SHA-1 hash of the administrator account password. Some potentially sensitive files can also be accessed via an XML External Entity (XXE) injection attack.
Experts also found an issue related to a feature that can be used to send backup files to a remote FTP server. This function can be enabled by creating an FTP profile that includes the server’s address, port, username, password and destination path. The problem is that user input is not properly validated in some of these fields, allowing an authenticated attacker to inject arbitrary commands.
Attackers can also abuse a feature designed for adding and deleting compliance dictionaries to delete any file from the host running the SonicWALL Email Security software. This could lead to a DoS condition.
The vulnerable appliance is often configured for external access, allowing remote attackers to combine the authentication bypass and command execution flaws to take complete control of the device and leverage it to capture inbound and outbound corporate emails.
The vulnerabilities discovered by Digital Defense were patched earlier this month with the release of SonicWALL Email Security OS 8.3.2, which also addresses several other flaws.
This is not the first time Digital Defense researchers have found vulnerabilities in SonicWALL products. In July, the company disclosed six weaknesses in the Dell SonicWALL Global Management System (GMS).
Related Reading: EMC Patches Critical Flaws in VMAX Storage Products
Related Reading: Attackers Can Target Enterprises via GroupWise Collaboration Tool
Related Reading: Cisco Forgets to Remove Testing Interface From Security Appliance
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
- Cybersecurity M&A Roundup: 36 Deals Announced in May 2023
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- Apple Denies Helping US Government Hack Russian iPhones
- Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
Latest News
- Dozens of Malicious Extensions Found in Chrome Web Store
- What if the Current AI Hype Is a Dead End?
- Microsoft Makes SMB Signing Default Requirement in Windows 11 to Boost Security
- Zyxel Urges Customers to Patch Firewalls Against Exploited Vulnerabilities
- Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards
- SBOMs – Software Supply Chain Security’s Future or Fantasy?
- Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
- Cybersecurity M&A Roundup: 36 Deals Announced in May 2023
