Product Notice: Buffer Overflow Vulnerability In SonicOS IPsec
Overview
Heap-based buffer overflow vulnerability in the SonicOS IPSec allows an unauthenticated remote attacker to cause Denial of Service (DoS).
Product Impact
Please review the table below to see if your firewall appliance is impacted. If your appliance is using an impacted firmware version, please follow the provided patch guidance.
Gen | Impacted Models | Impacted Version |
Gen 6 | NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, | SonicOSV 6.5.4.4-44v-21-2395 and earlier. |
Gen 7 | TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700, NSv 270, NSv 470, NSv 870 | SonicOS 7.1.1-7051 and earlier, |
NOTE: Physical firewall appliances using SonicOS 5.x, 6.x and 6.5.x are not impacted.
Workaround
To minimize potential impact please restrict inbound IPSec VPN access to trusted sources or disable IPSec VPN access from Internet sources, then apply the patch available at MySonicWall as soon as possible for impacted products. For help with upgrading the firmware, please refer to: How can I upgrade SonicOS Firmware?
Remediation
Users will need to upgrade their impacted models to the versions mentioned in the table below if they are running SonicOS version which is impacted by this vulnerability.
Gen | Fixed Models | Fixed Version |
Gen 6 | NSv 10, NSv 25, NSv 50, NSv 100, NSv 200, | SonicOSV 6.5.4.4-44v-21-2457 |
Gen 7 | TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700, NSv 270, NSv 470, NSv 870 | SonicOS 7.1.1-7058, |
NOTE: If you are already running SonicOS 7.1.1-7058 then you do not require any additional action at this moment.
