Dell SonicWall equipment came with a hidden account. Security researchers have discovered six serious security issues that plague several Dell SonicWall products, one of which is a hidden account with easy-to-guess credentials.
US-based security firm Digital Defense, Inc. (DDI) found the issues and reported the problems to Dell, which today released patches to address all reported bugs.
DDI says the issues are in the Dell SonicWALL Global Management System (GMS), a centralized management, reporting, and monitoring solution for SonicWALL appliances, such as the company’s VPNs and firewalls.
According to an advisory released today, DDI’s team reveal details about a hidden default account that uses an easily guessable password.
“ This hidden account can be used to add non administrative users via the CLI Client that can be downloaded from the Console interface of the GMS web application. The non-administrative user can then log into the web interfaces and change the password for the admin user, elevating their privilege to that of the admin user upon logging out and back in as the admin user with the new password. This would grant the attacker full control of the GMS interface and all attached SonicWALL appliances. ”
Five more other issues discovered
Additionally, the research team also discovered two unauthenticated root command injections that lead to RCE (remote code execution) with root privileges on Dell equipment.
Add to this two more unauthenticated XML External Entity Injection (XXE) bugs and another issue that allowed unauthenticated network configuration changes via the GMC service, and all of a sudden you have a very good reason to apply Dell’s patches if running such equipment in your network.
Dell acknowledged all reports and issued patches today for all affected customers that are deploying the GMS platform.
Dell is just the latest network equipment vendor caught with a backdoor on its devices after the same had happened to Fortinet and Juniper.