SonicWALL Security Threat

IMPORTANT: Dell SonicWALL Security Threat

On Tuesday, February 16, 2016, Google posted a blog outlining a vulnerability in glibc (the GNU C library) which is used in many products and leaves those products vulnerable to remote exploitation.  The vulnerability, identified as CVE-2015-7547, is similar to Heartbleed and Shellshock in terms of the scope of affected systems, but is not as serious as those.  It is though significantly more difficult to exploit.  Successful exploitation of the vulnerability relies on the potential victim communicating with a hostile/malicious DNS server or to be subject to a man-in-the-middle attack.  Nevertheless, the vulnerability is considered to be critical by the industry since it can lead to remote exploitation of the client system.

Due to this Dell SonicWALL security threat, we have outlined a few options and information below.  Please see the following information for your product(s) and follow the steps outlined below.  We wanted to provide this in order to help protect your organization.

SRA/SMB Series

  • All SRA firmware versions prior to 8.1.0.1-11sv for SRA 4600/1600/Virtual Appliance and 8.0.0.4-25sv for SRA 4200/1200 are affected.
  • Action required:
    • For SRA SMB 8.1.0.2-14sv: the fix has been posted in mysonicwall.com. Simply log in to your mysonicwall.com account, locate and apply.
    • For SRA SMB 8.0.0.5-27sv: the fix has been posted in mysonicwall.com. Simply log in to your mysonicwall.com account, locate and apply.

SRA/SMA X000 Series

 

Leave a Reply

Your email address will not be published. Required fields are marked *

Click here for technical support.