All,
As you are likely aware, researchers have discovered seven
new vulnerabilities in versions 1.0.1 and 1.0.2-beta of OpenSSL. Of the seven
vulnerabilities, the most serious is CVE-2014-0224 which can be exploited by a
Man-in-the-Middle (MITM) attack. In response to the discovery we are
communicating the impact and recommended actions first to our partners and
shortly thereafter to Dell SonicWALL customers with affected products. While none
of our firewalls and GMS products are
affected by the vulnerabilities, our Secure Remote Access and Email Security
products are impacted by some of the seven. We have posted a support
bulletin for the affected products on our support site.
To help you address potential questions on our SRA products,
I’m attaching three communications that are going out shortly:
· A notice to SMB SRA 1200/1600/4200/4600 customers - (CVE-2014-0224)
Hello,
As you may have heard, researchers
have found multiple defects including a Man-in-the-Middle (MITM) vulnerability
in versions 1.0.1 and 1.0.2-beta of OpenSSL, the cryptographic software
library. For detailed information on the Man-in-the-Middle and other vulnerabilities,
see the OpenSSL website.
Dell SonicWALL SMB SRA Specific Firmware Versions Affected

| SMB Secure Remote Access | |
|---|---|
| SMB SRA Server Side Firmware | 7.0.0.12-28sv and all previous 7.0 versions; 7.5.0.6-23sv and all previous 7.5 versions |
| Impact | Versions above are affected and should be patched immediately. |
| Recommended Action | Upgrade 7.5 to 7.5.0.7-24sv; upgrade 7.0 to 7.0.0.15-32sv |

Additional Information
The latest 7.0 and 7.5 firmware versions are available for download on MySonicWALL.
· A notice to E-Class SRA customers - (CVE-2014-0224)
Hello,
As you may have heard, researchers
have found multiple defects including a Man-in-the-Middle (MITM) vulnerability
in versions 1.0.1 and 1.0.2-beta of OpenSSL, the cryptographic software
library. For detailed information on the Man-in-the-Middle and other vulnerabilities,
see the OpenSSL website.
Dell SonicWALL E-Class SRA Specific Software Versions Affected

| E-Class Secure Remote Access (Aventail) | |
|---|---|
| E-Class SRA Server Side Software | Software version 10.6.4; software versions 10.7.0 and 10.7.1 |
| Impact | Versions above are affected and should be patched immediately. |
| Recommended Action | Apply Hotfix 10.6.4-388. For all 10.7.0 users, you must upgrade to 10.7.1 and apply the hotfix. Apply Hotfix 10.7.1-322 |

Additional Information
The latest 10.7.1 software version is available for download on MySonicWALL. To access the 10.6.4 and 10.7.1 hotfixes, see Knowledge Base article 11605 on the Dell SonicWALL Support website.