거래 등록, MDF, 판매 및 마케팅 도구, 교육 등에 액세스할 수 있습니다
기술 자료, 커뮤니티, 기술 문서 및 동영상을 검색하시면 질문에 대한 답변을 찾을 수 있습니다
The SonicWall Product Security Incident Response Team (PSIRT) collaborated with a third-party research firm to test, confirm and correct discovered vulnerabilities related to physical and virtual SonicWall next-generation firewall appliances. These findings included:
At this time, SonicWall is not aware of any of the addressed vulnerabilities being exploited or that any customer has been impacted.
SonicWall’s extensive analysis lead to the discovery of 11 unique vulnerabilities requiring Common Vulnerabilities and Exposures (CVE) listings based on the Common Vulnerability Scoring System (CVSS), which were published the week of October 12, 2020.
The PSIRT team worked to duplicate the issues and develop, test and release patches for the affected firewall products. Each SonicOS/X release indicated below is already patched and webposted, and also includes release notes for further information. SMA 100 and 1000 series products are not affected.
Any customer using an impacted firewall product will need to upgrade the firmware. A valid support contract is not required to upgrade.
TIP: To upgrade the firmware of your SonicWall device, please refer to How Can I Upgrade SonicOS Firmware?
The following is a summary of 11 CVEs published by SonicWall PSIRT :
Impacted Products & Upgrade Path
NOTE: SonicWall customers using any of the impacted firewall products should log in to MySonicWall.com via their authorized credentials and download the new version as outlined in the table below. To learn how to upgrade the firmware of your SonicWall device, please refer to: How Can I Upgrade SonicOS Firmware?
FIXED VERSION | AFFECTED PLATFORMS | APPLICABLE CVES |
SonicOS 6.5.4.7-83n |
· TZ (300, 300P, 350, 400, 500, 600, 600P, 300W, 350W, 400W, 500W) · SOHO (250, 250W) · NSA (2600, 3600, 4600, 5600, 6600) · NSa (2650, 3650, 4650, 5650, 6650, 9250, 9450, 9650) · SuperMassive
|
· CVE-2020-5135 · CVE-2020-5136 · CVE-2020-5137 · CVE-2020-5138 · CVE-2020-5139 · CVE-2020-5140 · CVE-2020-5141 · CVE-2020-5143
|
SonicOS 5.9.2.7-5o |
· TZ (100, 100W, 105, 105W, 200, 200W, 205, 205W, 210, 210W, 215, 215W · SOHO · NSA (220, 220W, 240, 250M, 250MW, 2400, 2400MX, 3500, 4500, 5000, 5500, 6500, 7500, 8500, 8510) |
Seven (7) Total CVEs
· CVE-2020-5136 · CVE-2020-5137 · CVE-2020-5138 · CVE-2020-5139 · CVE-2020-5140 · CVE-2020-5141 · CVE-2020-5143
|
SonicOS 5.9.2.13-7o |
· TZ (100, 100W, 105, 105W, 200, 200W, 205, 205W, 210, 210W, 215, 215W) · SOHO · NSA (220, 220W, 240, 250M, 250MW, 2400, 2400MX, 3500, 4500, 5000, 5500, 6500, 7500, 8500, 8510)
|
Seven (7) Total CVEs
· CVE-2020-5136 · CVE-2020-5137 · CVE-2020-5138 · CVE-2020-5139 · CVE-2020-5140 · CVE-2020-5141 · CVE-2020-5143 |
SonicOS 6.5.1.12-1n |
· SuperMassive (9800) · NSsp (12400, 12800) |
Eleven (11) Total CVEs
· CVE-2020-5133 · CVE-2020-5134 · CVE-2020-5135 · CVE-2020-5136 · CVE-2020-5137 · CVE-2020-5138 · CVE-2020-5139 · CVE-2020-5140 · CVE-2020-5141 · CVE-2020-5142 · CVE-2020-5143
|
SonicOS 6.0.5.3-94o |
· SuperMassive |
Eleven (11) Total CVEs
· CVE-2020-5133 · CVE-2020-5134 · CVE-2020-5135 · CVE-2020-5136 · CVE-2020-5137 · CVE-2020-5138 · CVE-2020-5139 · CVE-2020-5140 · CVE-2020-5141 · CVE-2020-5142 · CVE-2020-5143 |
SonicOS 6.5.4.v-21s-987 |
· NSv (10, 25, 50, 100, 200, 300, 400, 800, 1600) on VMware, Hyper-V, KVM · NSv (200, 400, 800, 1600) on AWS, AWS-PAYG, Azure
|
Eleven (11) Total CVEs
· CVE-2020-5133 · CVE-2020-5134 · CVE-2020-5135 · CVE-2020-5136 · CVE-2020-5137 · CVE-2020-5138 · CVE-2020-5139 · CVE-2020-5140 · CVE-2020-5141 · CVE-2020-5142 · CVE-2020-5143 |
Gen7 7.0.0-Rxxx (pre-production beta units only; not commercially available) |
· TZ (570, 570P, 570W, 670) · NSv (270, 470, 870) · NSsp (15700) |
Eleven (11) Total CVEs
· CVE-2020-5133 · CVE-2020-5134 · CVE-2020-5135 · CVE-2020-5136 · CVE-2020-5137 · CVE-2020-5138 · CVE-2020-5139 · CVE-2020-5140 · CVE-2020-5141 · CVE-2020-5142 · CVE-2020-5143
|
TIP: To upgrade the firmware of your SonicWall device, please refer to How Can I Upgrade SonicOS Firmware?