SonicWALL Global Management System (GMS) / Analyzer GMC Service XML External Entity (XXE) Injection

Critical (Nessus Plugin ID 92967)

Synopsis

A web application running on the remote host is affected by an XML external entity injection vulnerability.

Description

The SonicWALL Global Management System (GMS) / Analyzer running on the remote host is affected by an XML external entity (XXE) injection vulnerability in the GMC service due to an incorrectly configured XML parser accepting XML entities from an untrusted source. An unauthenticated, remote attacker can exploit this vulnerability, via specially crafted XML data, to retrieve the contents of arbitrary files or cause a denial of service condition. In one scenario, an unauthenticated, remote attacker can obtain the static key needed to decrypt and change the password of the GMS web interface admin account.

Note that the SonicWALL GMS / Analyzer running on the remote host is reportedly affected by other vulnerabilities as well; however, Nessus has not tested for these.

Solution

Apply Hotfix 174525 per the vendor advisory.

See Also

https://www.digitaldefense.com/ddi-six-discoveries/

Plugin Details

Severity: Critical

ID: 92967

File Name: sonicwall_gms_analyzer_gmc_unauth_xxe.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 8/15/2016

Updated: 8/8/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:sonicwall:global_management_system, cpe:/a:sonicwall:analyzer

Required KB Items: sonicwall/universal_management_appliance

Exploited by Nessus: true

Patch Publication Date: 7/20/2016

Vulnerability Publication Date: 7/20/2016