Dell has patched several vulnerabilities in its SonicWALL Email Security product, including four high severity issues that can be exploited to take control of a system and intercept corporate emails.
Researchers at Digital Defense have analyzed the SonicWALL Email Security virtual appliance and discovered vulnerabilities that can lead to command injection, arbitrary file deletion, denial-of-service (DoS) and information disclosure.
According to the security firm, an unauthenticated attacker can easily access backup files, including a settings file that contains an SHA-1 hash of the administrator account password. Some potentially sensitive files can also be accessed via an XML External Entity (XXE) injection attack.
Experts also found an issue related to a feature that can be used to send backup files to a remote FTP server. This function can be enabled by creating an FTP profile that includes the server’s address, port, username, password and destination path. The problem is that user input is not properly validated in some of these fields, allowing an authenticated attacker to inject arbitrary commands.
Attackers can also abuse a feature designed for adding and deleting compliance dictionaries to delete any file from the host running the SonicWALL Email Security software. This could lead to a DoS condition.
The vulnerable appliance is often configured for external access, allowing remote attackers to combine the authentication bypass and command execution flaws to take complete control of the device and leverage it to capture inbound and outbound corporate emails.
The vulnerabilities discovered by Digital Defense were patched earlier this month with the release of SonicWALL Email Security OS 8.3.2, which also addresses several other flaws.
This is not the first time Digital Defense researchers have found vulnerabilities in SonicWALL products. In July, the company disclosed six weaknesses in the Dell SonicWALL Global Management System (GMS).
Related Reading: EMC Patches Critical Flaws in VMAX Storage Products
Related Reading: Attackers Can Target Enterprises via GroupWise Collaboration Tool
Related Reading: Cisco Forgets to Remove Testing Interface From Security Appliance