Dear Dell SonicWALL Partner, On June 5, 2014, OpenSSL issued a security advisory that identified seven vulnerabilities in versions 1.0.1 and 1.0.2-beta of OpenSSL, the cryptographic software library. Of the seven vulnerabilities, the most serious is CVE-2014-0224 which can be exploited by a man-in-the-middle (MITM) attack. Dell SonicWALL is informing partners of the security advisory and the potential impact of the vulnerabilities on Dell SonicWALL products. Additionally, we are notifying customers with affected products to make them aware of recommended actions. For detailed information on all seven vulnerabilities, see the OpenSSL website. Dell SonicWALL Firewalls and GMS are not affectedDell SonicWALL firewalls (TZ, NSA, E-Class NSA, SuperMassive) and Global Management System (GMS) are NOT affected by the vulnerabilities. Additionally, firewalls with an active Intrusion Prevention Service have, as of June 5, 2014, signatures to protect servers against the vulnerabilities including MITM exploits. See the OpenSSL MITM article on the SonicWALL Security Center for more information. Dell SonicWALL E-Class SRA specific software versions affectedE-Class Secure Remote Access (Aventail)
Additional informationThe latest 10.7.1 software version is available for download on www.mysonicwall.com. To access the 10.6.4 and 10.7.1 hotfixes, see Knowledge Base article 11605 on the Dell SonicWALL Support website.
|
SMB SRA Server Side Firmware |
7.0.0.12-28sv and all previous 7.0 versions |
Impact |
Versions above are affected and should be patched immediately. |
Recommended action |
Upgrade 7.5 to 7.5.0.7-24sv |
Additional information
The latest 7.0 and 7.5 firmware versions are available for download on www.mysonicwall.com.
Dell SonicWALL Email Security software affected
The Dell SonicWALL Email Security team is currently investigating which of the software components/versions are affected by the vulnerabilities and its impact. We will provide a comprehensive software patch shortly and send a notification to customers with registered Email Security products as soon as the patch is available. Please contact Dell SonicWALL Support if you have any concerns.