Dell SonicWALL SonicOS 5.8.1.0 through 5.8.1.8 Vulnerability notification

A web script vulnerability was detected in Dell SonicWALL SonicOS affecting our firewall line of appliances. The vulnerability is limited to a single page in the graphical user interface and can only be exploited when the firewall is accessed by the administrator (see Issue Summary below).

Affected Dell SonicWALL Firewall Appliances:

  • TZ 100 / TZ 100 Wireless
  • TZ 105 / TZ 105 Wireless
  • TZ 200 / TZ 200 Wireless
  • TZ 205 / TZ 205 Wireless
  • TZ 210 / TZ 210 Wireless
  • TZ 215 / TZ 215 Wireless
  • NSA 220 / NSA 220 Wireless
  • NSA 240
  • NSA 250M / NSA 250M Wireless
  • NSA 2400
  • NSA 3500
  • NSA 4500
  • NSA 5000
  • NSA E-Class 5500
  • NSA E-Class 6500
  • NSA E-Class 7500
  • NSA E-Class 8500
  • NSA E-Class 8510

Affected Software Versions:

  • SonicOS 5.8.1.0 through 5.8.1.8

Issue Summary

The vulnerability can allow a specially constructed POST request to execute malicious script code in the context of an administrative session in the web browser. This occurs when the administrator is logged into the firewall and the attacker issues a POST request to a specific page on the firewall from the administrator’s PC. Successful exploitation of the vulnerability can result in session hijacking and unexpected behavior.

Resolution

Dell SonicWALL recommends that customers running 5.8.1.8, or previous 5.8.1.x versions, upgrade to version 5.8.1.9, which is available from http://www.mySonicWALL.com. A current support contract is not required.
