SonicWall notice concerning OpenSSL defects including Man-in-the-Middle vulnerability (CVE-2014-0224)

Researchers have found multiple defects, including a Man-in-the-Middle (MITM) vulnerability, in versions 1.0.1 and 1.0.2-beta of OpenSSL, the cryptographic software library. For detailed information on the Man-in-the-Middle and other vulnerabilities, see the OpenSSL website.

SonicWall Firewalls and GMS Are Not Affected

SonicWall firewalls (TZ, NSA, E-Class NSA, SuperMassive) and Global Management System (GMS) are NOT affected by the vulnerabilities. Additionally, firewalls with an active Intrusion Prevention Service have, as of June 5, 2014, signatures to protect servers against the vulnerabilities including MITM exploits.

SonicWall E-Class SRA Specific Software Versions Affected

E-Class Secure Remote Access (Aventail)

E-Class SRA Server Side Software:
  • Software version 10.6.4
  • Software versions 10.7.0 and 10.7.1

Impact: Versions above are affected and should be patched immediately.

Recommended Action:
  • Apply Hotfix 10.6.4-388
  • For all 10.7.0 users, you must upgrade to 10.7.1 and apply the hotfix.
  • Apply Hotfix 10.7.1-322

Additional Information

The latest 10.7.1 software version is available for download on www.mySonicWall.com.

SonicWall SMB SRA Specific Firmware Versions Affected

SMB Secure Remote Access

SMB SRA Server Side Firmware:
  • 7.0.0.12-28sv and all previous 7.0 versions
  • 7.5.0.6-23sv and all previous 7.5 versions

Impact: Versions above are affected and should be patched immediately.

Recommended Action:
  • Upgrade 7.5 to 7.5.0.7-24sv
  • Upgrade 7.0 to 7.0.0.15-32sv

Additional Information

The latest 7.0 and 7.5 firmware versions are available for download on www.mySonicWall.com.

SonicWall Email Security Software Affected

The SonicWall Email Security team is currently investigating which software components and versions are affected by the vulnerabilities, and their impact. We will provide a comprehensive software patch shortly and send a notification to customers with registered Email Security products as soon as the patch is available. Please contact SonicWall Support if you have any concerns.
