Security researchers are warning Dell security management software admins to patch their systems after finding six high-risk vulnerabilities.
One of the highest-rated "critical" flaws involves a hidden default account with an easily-guessable password in Dell's Sonicwall Global Management System (GMS), a widely-used software used to centrally monitor and manage an enterprise's array of networked security devices.
The vulnerability could allow an attacker "full control" of the software and all connected appliances, such as virtual private networking (VPN) appliances and firewalls. The flaws were detailed in an advisory posted by researchers at Digital Defense, a Texas-based firm that has a commercial stake in the vulnerability scanning business. However, there's no evidence to suggest the flaws have been actively exploited by attackers, the researchers said.
Dell acknowledged the flaws affect the most recent versions of the GMS software -- versions 8.0 and 8.1 -- and issued patches. In a security advisory, the company said it "highly recommends" that admins install the hotfix, available from its support pages. A Dell spokesperson was unavailable for comment.