Zero-Day Announcement: Security Vulnerabilities Discovered

San Antonio, TX – July 20, 2016 – Digital Defense, Inc. (DDI), a leading provider of managed security risk assessments, disclosed the discovery of six security vulnerabilities found in the network management services of the Dell SonicWALL GMS platform, a central management reporting and monitoring solution for SonicWALL appliances such as SSL-VPNs and firewalls. Close collaboration between Dell and DDI has resulted in a prompt remediation of the issues.   DDI detected the previously unknown vulnerabilities while developing new audit modules for its patented vulnerability scanning technology. The newly identified vulnerabilities require immediate attention due to the unauthenticated nature of exploitation available.   If exploited by cybercriminals, the identified vulnerabilities lead to the exposure of a GMS interface and some of its files in their encrypted form.   It is critical for organizations to immediately apply the patches released by Dell for the GMS platform. Learn more at https://support.software.dell.com/sonicwall-gms/software.

About the Vulnerabilities

Details surrounding each of the six vulnerabilities are available on the DDI website. Additionally, DDI’s patented scanning technology is capable of detecting all of these vulnerabilities with explicit network tests for the affected network services. Free scans are available.   Digital Defense Research Methodology and Practices   DDI’s Vulnerability Research Team (VRT) actively works to find new zero-day vulnerabilities utilizing the company’s hybrid cloud platform, Frontline^™ Vulnerability Manager (Frontline VM). The joint effort provides Frontline VM customers early detection capabilities for vulnerabilities such as the identified Dell SonicWALL GMS conditions.   Mike Cotton, Vice President of Research and Development at DDI, states, “The strength of our Vulnerability Research Team, combined with our state-of-the-art technology, enables the capability to quickly identify the zero-day vulnerabilities that may threaten the security of organizations. As evidenced through the positive collaboration with Dell, the swift identification and remediation of security issues is paramount to keeping clients secure.”