Security research firm Digital Defense Inc. (DDI) warned Dell earlier this week of security vulnerabilities in one of its enterprise software tools. The tool accesses firewalls and VPN appliances. If criminals exploited the six vulnerabilities the company detected, they would gain full access to all systems in a business. Dell collaborated with DDI to patch the holes.
One of the vulnerabilities discovered is a hidden default account that can access the software. The concern is that its password is easily guessable. The affected product, Dell SonicWALL Global Management System (GMS), is common in business enterprises, where it centrally monitors and manages all devices in a network. DDI explained that the vulnerabilities could grant an attacker full control of the software and all connected devices, including firewalls and VPN appliances.
DDI said it had no proof that the flaws had been exploited. According to Dell, the holes are present in the latest versions of the enterprise software. Dell has since issued patches for GMS versions 8.1 and 8.0, and recommends that administrators install them as soon as they can. The patches are available for download from Dell’s website.
Digital Defense is a security research company based in San Antonio. It partners with software development companies to fix vulnerabilities and bugs after conducting a comprehensive security analysis. The company has a patented risk assessment scanning process. Mike Cotton, DDI’s vice-president of research and development, in a recent interview claimed that “our security experts do not just design risk assessment technologies. They examine systems for things that hackers may use to access clients’ systems.”
Such vulnerabilities in software may be inevitable. Software developers are trained to write code and tend to focus on an application's functionality more than on its weaknesses. A developer under pressure to release an app to the market may fail to notice a vulnerability in the code. Incorporating cyber security units into computer programming education could help reduce software vulnerabilities.