Product Notifications
Recent Notifications
Notifications by Category
March 2020
03/26/2020
Update as of 7/4/19 2:30 pm EST: The signature (SID 6855) has been removed from the Ultrasurf application. If you continue to experience issues with blocked apps/websites please update the App Control database by logging into the firewall and navigating to MANAGE | Rules | App Control and click Update. Status: Investigating July 4, 2019, 2 a.m. EST Issue: Skype, MS Teams, Slack and other applications may be blocked by App Control Signature ID 6855 - PROXY-ACCESS Ultrasurf. Cause: A new signature was released to block Ultrasurf but this
03/26/2020
SonicWall physical firewall appliances running certain versions of SonicOS contain vulnerabilities in code utilized for remote management. At this time, there is no indication that the discovered vulnerabilities are being exploited in the wild, however: SonicWall STRONGLY advises to apply the SonicOS patch immediately. IF you cannot update immediately, as a mitigation please restrict SonicWall management access (HTTPS/HTTP/SSH) to trusted sources and/or disable management access from untrusted Internet sources, then apply the SonicOS patch as s
03/26/2020
What we know about the Critical Remote Code Execution Vulnerability (CVE-2019-1579) Researchers have found several security flaws in popular corporate VPNs, which they say can be used to silently break into company networks and steal business secrets. According to https://techcrunch.com/2019/07/23/corporate-vpn-flaws-risk/ “Devcore researchers Orange Tsai and Meh Chang said the flaws found in the three corporate VPN providers — Palo Alto Networks, Pulse Secure and Fortinet — are ‘easy’ to remotely exploit.” Once the SSL VPN server is compromis
December 2019
12/20/2019
On October 16, 2017 security researchers made public earlier findings in which they demonstrated fundamental design flaws in WPA2 that could theoretically lead to man-in-the-middle (MITM) attacks using key reinstallation attacks (KRACKs). Exploiting the vulnerability could enable cyber criminals to steal confidential information such as email, credit card numbers, passwords and more. The WPA2 design flaws are protocol vulnerabilities and are not implementation specific. Both wireless access points and wireless clients are susceptible. Details o
12/20/2019
SonicWall has received notification of a tech scam that involves entities posing as authorized SonicWall partners, often to gain access to the systems or computers of individual consumers and small businesses. SonicWall has confirmed that these parties are not authorized SonicWall distributors or partners, and that they are using non-standard approaches like requesting access to an end user’s computer, asking end users download files onto their device or demand sensitive personal or financial information. SonicWall sells its network security so
12/20/2019
The SMA 1000 and SMA 100 series depend on device ID's to apply End Point Control (EPC) policies to end users. Device ID's are generated at the time an end user connects to an SMA appliance using Mobile Connect. Recently Apple has changed security guidelines for third party apps. Apps can no longer pull or use device hardware ID's due to privacy concerns (https://developer.apple.com/reference/uikit/uidevice/1620059-identifierforvendor). Because of this recent change end users with Mobile Connect 5 may no longer recieve correct EPC policies. Any
12/20/2019
What Is Bad Rabbit Ransomware? On Tuesday, Oct. 24, a new strand of ransomware named Bad Rabbit appeared in Russia and the Ukraine and spread throughout the day. It first was found after attacking Russian media outlets and large organizations in the Ukraine. The initial installer masquerades as a Flash update. Interestingly, this malware contains a list of hardcoded Windows credentials, most likely to brute force entry into devices on the network, according to SonicWall Capture Labs Threat researchers. Are SonicWall Customers Prote
12/20/2019
On January 4th, 2018 security researchers made public earlier findings on two processor vulnerabilities known as Spectre and Meltdown. Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. So far, we are tracking and providing updates on the following three known variants of the issue: Variant 1: bounds check bypass (CVE-2017-5753) Variant 2: branch target injection (CVE-2017-5715) Variant 3: rogue data cache load (CVE-2017-575
12/20/2019
On February 8, 2018, a SMA WAF signature update was pushed to all customers that have enabled WAF on the SonicWall Secure Mobile Access appliance. This is a typical occurrence, however, two signatures displayed a negative impact on ActiveSync connections, commonly associated with webmail. Upon discovery, SonicWall initiated the process to retract the update until the offending signatures have been corrected. If you are negatively impacted by this update please perform the provided workaround until the signatures are automatically corrected: Nav
12/20/2019
The Sonicwall Capture Labs Threats Research team have come across a variant of the DesuCrypt ransomware called InsaneCrypt. This variant uses RC4 encryption and encrypts files immediately upon execution. Unlike earlier ransomware, there are no threatening countdown timers and ransom payments amounts immediately presented to the victim. Instead, as is the growing trend with most ransomware today, the victim must communicate with the operator via email for further instructions. Detected as: InsaneCrypt.RSM InsaneCrypt.RSM_2 BTC
12/20/2019
SonicWall firewalls and other appliances are not impacted by VPNFilter. SonicWall researchers are continuing to monitor developments surrounding VPNFilter and have so far confirmed that no SonicWall appliances are impacted by the malware. SonicWall customers are being advised that there is no need to reboot or take any action on any SonicWall appliance. On May 23 2018, researchers at Cisco Talos published a report documenting a new sophisticated modular malware system known as VPNFilter. More than 500,000 devices around the world are said to b
12/20/2019
The disclosure by Palo Alto Networks Unit 42 is not a vulnerability to the current SonicWall Global Management System (GMS). The issue referenced only affects older versions of the GMS software (versions 8.1 or earlier; no longer supported). GMS 8.1 was replaced by version 8.2 in December 2016. Customers and partners running GMS 8.2 and newer are not vulnerable. SonicWall and the Capture Labs threat research team continuously update its products to provide industry-leading protection against the latest security threats, so it is crucial that cu
12/20/2019
Watch our technical deep-dive webinar and demo to learn best practices to a successful SonicWall Deep Packet Inspection of SSL (DPI-SSL) service implementation. Watch NowManaging certificate deployment and certificate pinning are among the top challenges when implementing deep inspection of SSL and TLS certificates on a next-generation firewall. Join us for a technical deep-dive webcast and demo to learn best practices to a successful SonicWall Deep Packet Inspection of SSL (DPI-SSL) service implementation. This in-depth session: • Helps size t
12/20/2019
Dell SonicWALL - Active Retirement Mode Announcement for Dell SonicWALL TZ 105 Wired ModelActive Retirement Mode AnnouncementDell SonicWALL is initiating the Active Retirement Mode (ARM) notification for the Dell SonicWALL TZ 105 Wired model only. Active Retirement Mode is the second phase of the Dell SonicWALL End of Life process outlined at the end of this document. During this phase Dell SonicWALL will no longer actively manufacture or sell the products listed below. In addition, Dell SonicWALL may release a limited number
12/20/2019
Limited Retirement Mode AnnouncementDell SonicWALL is initiating the Limited Retirement Mode (LRM) notification for the Dell SonicWALL ES 300. Limited Retirement Mode is the fourth phase of the Dell SonicWALL End of Life process outlined at the end of this document. During this phase Dell SonicWALL will no longer develop or release firmware updates or new features for these products. In addition, Dell SonicWALL will no longer offer support contracts. After the LRM phase has ended, Dell SonicWALL will transition the ES 30
12/20/2019
SonicWall Last Day Order Announcement for SonicWall Universal Management Appliance UMA EM5000 Last Day Order Announcement SonicWall is initiating the Last Day Order (LDO) notification for the SonicWall Universal Management Appliance UMA EM5000. Last Day Order is the first phase of the SonicWall End of Life process outlined at the end of this document. During this phase, authorized SonicWall partners and distributors may purchase UMA EM5000 hardware SKUs from SonicWall. After the LDO phase has ended, SonicWall will no longer
12/20/2019
SonicWALL Service Bulletin GMS Analyzer Vulnerability Fix - July 2016Vulnerabilities in the Dell SonicWALL GMS and Analyzer have been resolved.Affected ProductsDell SonicWALL GMS and AnalyzerAffected Software VersionsVersions 8.0 and 8.1.Issue SummaryVulnerabilities were found pertaining to command injection, unauthorized XXE, default account, and unauthorized modification of virtual appliance networking information. To fix these vulnerabilities, Dell highly recommends that existing users of Dell SonicWALL GMS and Analyzer Hotfix 174525.GM
12/20/2019
Last Day Order AnnouncementDell SonicWALL is initiating the Last Day Order (LDO) notification for the Dell SonicWALL SonicPoint-Ne Dual-Band. Last Day Order is the first phase of the Dell SonicWALL End of Life process outlined at the end of this document. During this phase, authorized Dell SonicWALL partners and distributors may purchase SonicPoint-Ne Dual-Band SKUs from Dell SonicWALL. After the LDO phase has ended, Dell SonicWALL will no longer accept orders for the SKUs listed below and the SonicPoint-Ne Dual-Band will tran
12/20/2019
Active Retirement Mode AnnouncementDell SonicWALL is initiating the Active Retirement Mode (ARM) notification for the Dell SonicWALL TZ 215 Wired model. Active Retirement Mode is the second phase of the Dell SonicWALL End of Life process outlined at the end of this document. During this phase Dell SonicWALL will no longer actively manufacture or sell the products listed below. In addition, Dell SonicWALL may release a limited number of new features and will issue bug fixes only to the latest version of firmware available for
12/20/2019
Active Retirement Mode AnnouncementDell SonicWALL is initiating the Active Retirement Mode (ARM) notification for the Dell SonicWALL NSA 220 series. Active Retirement Mode is the second phase of the Dell SonicWALL End of Life process outlined at the end of this document. During this phase Dell SonicWALL will no longer actively manufacture or sell the products listed below. In addition, Dell SonicWALL may release a limited number of new features and will issue bug fixes only to the latest version of firmware available for the
Product Categories
Follow Us
© 2024 SonicWall. All Rights Reserved.