• Solutions
    • Solutions


    • Scan
    • Analyze
    • Score
    • Automate
    • What is on my network?
      Quickly, comprehensively and accurately assess endpoints and servers for operating system and application vulnerabilities.
    • Which assets are at risk, and what should I do about their vulnerabilities?
      Identify which assets are at risk and receive actionable intelligence to reduce workload and increase effectiveness.
    • How do I measure my overall risk and where should I focus remediation efforts?
      Benefit from a clear, easy-to-understand metric to determine your organization’s security posture.
    • How can I integrate Frontline vulnerability findings into my security workflow?
      Easily integrate discovered, analyzed, scored, and prioritized vulnerabilities into leading security workflow management platforms and SIEMs.
    • Test
    • Educate
    • Compliance
    • How do I assess where I’m exposed from an attacker’s perspective?
      Assess your “network attack surface” and your “personnel attack surface”.
    • How do I ensure all personnel are cognizant of risky “digital behavior”?
      Increase the security IQ of employees, contractors, and patrons to effectively defend against a security breach.
    • Am I meeting requisite compliance standards? Leverage the expertise of one of the world’s longest tenured PCI Approved Scanning Vendors (ASV) to achieve compliance AND an optimal level of security.
  • Cloud Subscriptions
    • Frontline Cloud Subscriptions


    • Frontline Advanced™
    • Frontline Pro™
    • Frontline PCI Pro™
    • Frontline Advanced is Digital Defense’s flagship vulnerability management offering. Powerful and effective, the service is delivered in a rich, affordable and easy to consume subscription.
    • Frontline Pro provides the same industry leading solution subscription as Frontline Advanced, but adds a Personal Security Analyst (PSA) to help lift the burden of vulnerability management.
    • Frontline Payment Card Industry-Professional (PCI-Pro) service guides businesses through the PCI Data Security Standards (DSS) requirements maze with security expertise and personalized recommendations to achieve compliance.

    • Frontline Pen Test™
    • Frontline WAS Advanced™
    • Frontline Pen Test offers a conveniently packaged sequence of periodic (and scheduled) pen tests into an annual subscription.
    • Frontline Web Application Scanning Advanced (WAS Advanced) as a subscription will provide the highest level of results through a system that is easily deployed and maintained.

  • Platform
    • Platform


    • Frontline RNA™
    • Frontline VM™
    • Frontline WAS™
    • Frontline Reconnaissance Network Appliance (RNA) is a preconfigured network based device used to perform network security assessments without requiring onsite staff.
    • Frontline Vulnerability Manager (VM) is the industry’s most comprehensive, accurate, and easy to use VM platform – bar none.
    • Frontline Web Application Scanning (WAS) has been developed to provide the highest level of dynamic web application testing results through a system that is easily deployed and maintained.

  • Network Security Technologies
    • Technologies


    • DDI NIRV™
    • DDI VRT™
    • DDI DNA™
    • DDI NIRV – the technology core of Frontline RNA™ – works on the principle of real-time event-based tuning. As it learns more about hosts and the network, NIRV adjusts its plugin sets and auditing mechanisms in real time – leading to far more accurate and complete scanning data.

    • While Digital Defense has achieved public acclaim for its superior vulnerability scanning, vulnerability management, and best practice consultative services, we are also actively involved in security threat research.
    • Digital Node Attribution (DNA) is the core technology within Frontline VM that eliminates network drift. As point in time scans from RNA are fed into Frontline Vulnerability Manager™,
  • Professional Services
    • Professional Services


    • Frontline Pen Test Project™
    • Frontline Social Test™
    • Frontline Cyber Threat Management™
    • Understanding and addressing network and host vulnerabilities is, of course, an essential element to strong information security.
    • Social engineering is a popular technique attackers use to gain access to your network and, ultimately, valuable information held by your organization.
    • Frontline Cyber Threat Management solutions offer organizations expert threat intelligence to evaluate their level of risk in the ‘open, deep and dark web’.

    • SecurED™ Training
    • TEAM™
    • Consultative Services
    • SecurED, an entertaining awareness training designed to optimize employee retention of serious security intelligence and best practices.
    • TEAM is a comprehensive online learning management system that helps you address Security Training, Education, and Awareness Module (TEAM™) to reduce risk.

    • As your organization grows in size and complexity, determining exposure to information asset risks becomes more challenging, as does your ability to identify threats and implement effective plans to address them.

  • Get a Quote

DDI Discoveres Six NEW Vulnerabilities

The Digital Defense, Inc. (DDI) Vulnerability Research Team (VRT) has identified six previously undisclosed vulnerabilities in the Dell SonicWALL Global Management System (GMS). GMS is typically found deployed on the internal network, however, external implementations are possible.

 

Affected Platform(s)ZeroDay_FVM_AD3

Vendor: Dell

Product: SonicWALL Global Management System (GMS)

Versions Tested: 8.1 (Build: 8110.1197, the most recent available) virtual appliance

Link: http://www.sonicwall.com/products/sonicwall-gms/

Brief product description: SonicWALL GMS is a central management, reporting, and monitoring solution for SonicWALL appliances such as SSL VPNs and firewalls. It allows for control and management of all attached SonicWALL appliances.

 

Vulnerability Information

DDI-VRT-2016-55: Unauth root command injection via set_time_config method call (Critical)

DDI-VRT-2016-56: Unauth root command injection via set_dns method call (Critical)

Vulnerability: Unauthenticated Remote Command Execution with Root Privileges

Impact: Using the command injection vulnerability an attacker can gain a reverse root shell on the virtual appliance allowing the attacker to obtain database credentials and change the password for the admin user of the GMS interface allowing complete compromise of the virtual appliance.

 

DDI-VRT-2016-57: Hidden default account(s) with easily guessable password (Critical)

Vulnerability: Hidden Default Account with Easily Guessable Password

Impact: This hidden account can be used to add non administrative users via the CLI Client that can be downloaded from the Console interface of the GMS web application. The non-administrative user can then log into the web interfaces and change the password for the admin user, elevating their privilege to that of the admin user upon logging out and back in as the admin user with the new password. This would grant the attacker full control of the GMS interface and all attached SonicWALL appliances.

 

DDI-VRT-2016-58: Unauth XXE in GMC service (Critical)

Vulnerability: Unauthenticated XML External Entity Injection (XXE) in the GMC Service

Impact: The XXE injection can be utilized to retrieve encrypted database credentials, IP address and port for the GMS cluster database and utilizing the obtainable static key to decrypt and change the admin password to the GMS web interface admin account. An attacker can gain full compromise of the GMS interface and all attached SonicWALL appliances, arbitrary file retrieval with root privileges, and denial of service. No authentication is required to exploit this vulnerability.

 

DDI-VRT-2016-59: Unauth XXE via AMF message (High)

Vulnerability: Unauthenticated XML External Entity Injection via Crafted AMF Message

Impact: Using the XXE injection, an attacker can retrieve the current MD5 password hash for the admin user of the virtual appliance and the last several hashed passwords for the admin user. No authentication is required to exploit this vulnerability.

 

DDI-VRT-2016-60: Unauth modification of the virtual appliance networking info (Medium)

Vulnerability: Unauthenticated Network Configuration Changes via GMC Service

Impact: A denial of service condition can be initiated by sending a HTTP POST with XML method data to get and set various networking options for the GMS virtual appliance which can then be used to reboot the appliance. No authentication is required to exploit this vulnerability.

 

Checks for each of the identified vulnerabilities* are available now in Frontline™ Vulnerability Manager. Clients are encouraged to run a full vulnerability assessment which includes the checks for the Dell SonicWALL GMS vulnerabilities or run Scan Policy SonicWALL GMS July 2016 Flaws to check specifically for only the vulnerabilities identified in this advisory.

 

*There is no check for DDI-VRT-2016-56: Unauth root command injection via set_dns method call (Critical) as checking for this condition would alter the GMS interface in a way that could not be reversed. However, users should assume their GMS platforms are affected if other identified vulnerabilities are present.

 

Dell has addressed these vulnerabilities and released patches for the software at www.mysonicwall.com. Please refer to the following page for specific instructions on how to obtain and apply the update:

https://support.software.dell.com/sonicwall-gms/software

 

Users who are unable to apply patches to the affected systems can attempt to mitigate some of the risk posed by these exploit vectors by limiting access to the network services of their SonicWALL GMS appliances to restricted-access internal network segments or dedicated VLANs.

Additional details regarding the attack vector associated with these flaws will be available following the public disclosure of the vulnerabilities on July 20, 2016 on the DDI Blog.

Not sure if your organization is vulnerable?

Take DDI’s Free 21 Day Trial to Test the Strength of Your External Network.

To learn more about internal network scanning services, contact us.