← Advisories

Dell SonicWALL Global Management System (GMS) 8.1 Adobe Flex SOP Bypass

Medium
Advisory ID
ZSL-2016-5390
Release Date
29 December 2016
Vendor
Dell Inc. - https://www.sonicwall.com/products/sonicwall-gms/
Affected Version
8.1, 8.0 SP1 Build 8048.1410, Flow Server Virtual Appliance
CVE
CVE-2011-2461
Tested On
SonicWALL, MySQL/5.0.96-community-nt, Apache-Coyote/1.1, Apache Tomcat 6.0.41
Summary

Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutions with enhanced network security monitoring and robust network security reporting. By deploying GMS in an enterprise, you can minimize administrative overhead by streamlining security appliance deployment and policy management.

Description

Dell SonicWALL GMS versions 8.1 and below are compiled with a vulnerable version of Adobe Flex SDK allowing for same-origin request forgery and cross-site content hijacking.

Proof of Concept
sonicwall_sop.txtTXT
Disclosure Timeline
26.01.2016Vulnerabilities discovered.
29.01.2016Vendor contacted.
29.01.2016Vendor responds asking more details providing PGP keys.
29.01.2016Sent details to the vendor.
29.01.2016Vendor confirms receipt of the issues forwarding to engineering team.
12.02.2016Asked vendor for status update.
12.02.2016Vendor confirms the issues scheduling a patch release.
23.02.2016Asked vendor for status update.
24.02.2016Vendor replied.
19.04.2016Asked vendor for status update.
20.04.2016Vendor informs one of the issues is in remediation stage, remaining ones still under review.
22.04.2016Working with the vendor.
02.12.2016Vendor releases patch in GMS 8.2 to address these issues.
29.12.2016Coordinated public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://support.sonicwall.com/product-notification/215257?productName=SonicWALL%20GMS
[2]https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2461
[3]https://www.adobe.com/support/security/bulletins/apsb11-25.html
[4]https://github.com/ikkisoft/ParrotNG
[5]http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html
[6]https://packetstormsecurity.com/files/140302
[7]https://cxsecurity.com/issue/WLB-2016120167
[8]https://exchange.xforce.ibmcloud.com/vulnerabilities/120215
Changelog
29.12.2016Initial release
02.01.2017Added reference [6] and [7]
29.01.2017Added reference [8]