SonicWall notice concerning OpenSSL defects including Man-in-the-Middle vulnerability (CVE-2014-0224)

First Published:07/08/2014 Last Updated:03/26/2020

Researchers have found multiple defects including a Man-in-the-Middle (MITM) vulnerability in versions 1.0.1 and 1.0.2-beta of OpenSSL, the cryptographic software library. For detailed information on the Man-in-the-Middle and other vulnerabilities see the OpenSSL website.

SonicWall Firewalls and GMS Are Not Affected

SonicWall firewalls (TZ, NSA, E-Class NSA, SuperMassive) and Global Management System (GMS) are NOT affected by the vulnerabilities. Additionally, firewalls with an active Intrusion Prevention Service have, as of June 5, 2014, signatures to protect servers against the vulnerabilities including MITM exploits.

SonicWall E-Class SRA Specific Software Versions Affected

E-Class Secure Remote Access (Aventail)

E-Class SRA Server Side Software Software version 10.6.4
Software versions 10.7.0 and 10.7.1
Impact Versions above are affected and should be patched immediately.
Recommended Action Apply Hotfix 10.6.4-388
For all 10.7.0 users, you must upgrade to 10.7.1 and apply the hotfix.
Apply Hotfix 10.7.1-322

 

Additional Information

The latest 10.7.1 software version is available for download on www.mySonicWall.com.

SonicWall SMB SRA Specific Firmware Versions Affected

SMB Secure Remote Access

SMB SRA Server Side Firmware 7.0.0.12-28sv and all previous 7.0 versions
7.5.0.6-23sv and all previous 7.5 versions
Impact Versions above are affected and should be patched immediately.
Recommended Action Upgrade 7.5 to 7.5.0.7-24sv
Upgrade 7.0 to 7.0.0.15-32sv

 

Additional Information

The latest 7.0 and 7.5 firmware versions are available for download on www.mySonicWall.com.

SonicWall Email Security Software Affected

The SonicWall Email Security team is currently investigating which of the software components/versions are affected by the vulnerabilities and its impact. We will provide a comprehensive software patch shortly and send a notification to customers with registered Email Security products as soon as the patch is available. Please contact SonicWall Support if you have any concerns.