Welcome to our NEW support portal! We are now SonicWall, with a dedicated support site. Learn more.

SonicWALL GMS Product Notification

Self Service Tools
Knowledge Base
My SonicWall
Product Support
Professional Services
Software Downloads
Technical Documentation
Training and Certification
Video Tutorials
Support Essentials
Getting Started
License Agreement
Support Guide
Return
Critical Issue

  GMS/Analyzer/UMA Remote Code Vulnerability Resolution, November 2014 

Dear Customer,

A vulnerability in the SonicWall GMS, Analyzer, and UMA has been resolved.

Affected Products

SonicWall GMS, Analyzer, and UMA

Affected Software Versions

Version 7.2 SP2 and earlier of the GMS/Analyzer Virtual Appliance and UMA software variants.

Windows variants of GMS/Analyzer are not affected and do not need to be patched.

Issue Summary

GMS, Analyzer, and UMA have remote code execution vulnerabilities. These vulnerabilities are exploitable only by the user who has access to the privileged login for the administrative/appliance interface to GMS. 

We recommend existing users of SonicWall GMS, Analyzer, and UMA 7.2 SP2 (and  earlier) update their software with Hotfix #153315. This hotfix requires the systems to be at 7.2 SP2 prior to patching.

Hotfix #153315 and GMS/Analyzer/UMA 7.2 SP2 software are available for download from www.mySonicWall.com. Users should log into mySonicWall and click on Downloads > Download Center in the navigation panel on the left, then select “GMS/Analyzer – Virtual Appliance” in the Software Type drop down menu. Please see the Release Note for this Hotfix for detailed installation procedures.

Reported by

The Zero Day Initiative

Additional Information

Please contact SonicWall Global Support Services https://support.SonicWall.com/manage-service-request