A vulnerability in SonicWall Global Management System (GMS), allow a remote user to gain access to the appliance using existing SSH key. This vulnerability affects GMS versions 9.1, 9.0, 8.7, 8.6, 8.4, 8.3 and earlier.
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Global_management_system | Sonicwall | * | 8.3 (including) |
| Global_management_system | Sonicwall | 8.4 (including) | 8.4 (including) |
| Global_management_system | Sonicwall | 8.6 (including) | 8.6 (including) |
| Global_management_system | Sonicwall | 8.7 (including) | 8.7 (including) |
| Global_management_system | Sonicwall | 9.0 (including) | 9.0 (including) |
| Global_management_system | Sonicwall | 9.1 (including) | 9.1 (including) |
Developers often choose default values that leave the product as open and easy to use as possible out-of-the-box, under the assumption that the administrator can (or should) change the default value. However, this ease-of-use comes at a cost when the default is insecure and the administrator does not change it.