Firewall News

Top Menu

  • Home
  • Our Blog
  • Contact Us

Main Menu

  • Software Updates
  • Alerts & Bugs
  • Out of the Box
  • Home
  • Our Blog
  • Contact Us

Firewall News

Firewall News

  • Software Updates
    • WatchGuard logo

      TDR 6.0.0 is now integrated into WatchGuard Cloud

      04/01/2021
      0
    • Sophos Logo

      XG Firewall 17.5 MR14 Released

      30/07/2020
      0
    • Sophos Logo

      Sophos Firewall Manager SFM 17.1 MR4 Released

      27/07/2020
      0
    • Sophos Logo

      Sophos Enterprise console - Endpoint Security and Control v10.8.9 for Windows has ...

      16/07/2020
      0
    • Sophos Logo

      Sophos iView v3 MR-2 Released

      07/07/2020
      0
    • Sophos Logo

      SD-RED Firmware 3.0.002 Pattern Update

      06/07/2020
      0
    • Sophos Logo

      XG Firewall 17.5 MR13 Released

      06/07/2020
      0
    • Sophos Logo

      End-of-Life (EoL) announcement for old firmware v17 and v17.1 for XG Firewall

      03/07/2020
      0
    • WatchGuard logo

      Fireware 12.5.4 Now Available

      01/07/2020
      0
  • Alerts & Bugs
    • Sophos Logo

      Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

      29/03/2022
      0
    • Sophos Logo

      Sophos: Important Product Lifecycle Updates

      03/03/2022
      0
    • WatchGuard logo

      WatchGuard Support Alert

      23/02/2022
      0
    • Sophos Logo

      Sophos: Important Product Lifecycle Reminder

      03/02/2022
      0
    • Sophos Logo

      Sophos: Product Lifecycle Information: Extended Support for Windows 7 and Windows Server ...

      31/01/2022
      0
    • Sophos Logo

      End-of-Life (EoL) announcement for Sophos SSL VPN Client

      29/11/2021
      0
    • WatchGuard logo

      WatchGuard: macOS Monterey 12.0.1 Does Not Support the AuthPoint Logon App

      09/11/2021
      0
    • Sophos Logo

      Sophos UTM Manager (SUM) End of Distribution

      04/11/2021
      0
    • WatchGuard logo

      WatchGuard: End of Sale Notice: AP420

      01/11/2021
      0
  • Out of the Box
    • WatchGuard’s Firebox T80 Earns 5-Star Rating in SC Labs Review

      17/11/2020
      0
    • WatchGuard Wins Big in CRN 2020 Tech Innovator Awards

      16/11/2020
      0
    • Coronavirus scams: what to look for and how to stop them

      02/04/2020
      0
    • Dell SonicWALL TZ 300

      Out the Box - Dell SonicWALL TZ 300

      05/07/2016
      0
    • Dell SonicWALL TZ SOHO

      Out the Box - Dell SonicWALL TZ SOHO

      05/07/2016
      0
    • WatchGuard Firebox T50

      WatchGuard Firebox T50

      31/03/2016
      0
    • WatchGuard Firebox M200

      WatchGuard Firebox M200

      31/03/2016
      0
Alerts & BugsSonicWALL
Home›Alerts & Bugs›Urgent Patch Available For SMA 100 Series 10.X Firmware Zero-Day Vulnerability [Updated Feb. 3, 2 P.M. CST]

Urgent Patch Available For SMA 100 Series 10.X Firmware Zero-Day Vulnerability [Updated Feb. 3, 2 P.M. CST]

By admin
04/02/2021
777
0
Share:
SonicWall Logo

UPDATE: FEBRUARY 3, 2021, 2. P.M. CST

SonicWall is announcing the availability of an SMA 100 series firmware 10.2.0.5-29sv update to patch a zero-day vulnerability on SMA 100 series 10.x code. All SMA 100 series users must apply this patch IMMEDIATELY to avoid potential exploitation.

Affected SMA 100 Devices with 10.x Firmware that Require the Critical Patch:

  • Physical Appliances: SMA 200, SMA 210, SMA 400, SMA 410
  • Virtual Appliances: SMA 500v (Azure, AWS, ESXi, HyperV)

Please read this notice in its entirety as it contains important details for post-upgrade steps.  

Vulnerability Information
The patch addresses vulnerabilities reported to SonicWall by the NCC Group on Jan. 31 and Feb. 2, tracked under PSIRT Advisory ID SNWLID-2021-0001. These include an exploit to gain admin credential access and a subsequent remote-code execution attack.

Upgrade Recommended Steps
Due to the potential credential exposure in SNWLID-2021-0001, all customers using SMA 10.x firmware should immediately follow the following procedures:

  1. Upgrade to SMA 10.2.0.5-29sv firmware, available from www.mysonicwall.com. 
    • This firmware is available for everybody, regardless of the status of their support/service contract.
    • Instructions on how to update the SMA 100 10.x series firmware can be found in this KB article for physical appliances and this KB article for virtual devices.
  2. Reset the passwords for any users who may have logged in to the device via the web interface. 
  3. Enable multifactor authentication (MFA) as a safety measure.
    • MFA has an invaluable safeguard against credential theft and is a key measure of good security posture.
    • MFA is effective whether it is enabled on the appliance directly or on the directory service in your organization.

 NOTE: SMA 500v base image downloads from www.mysonicwall.com for Hyper-V, ESXi, Azure, AWS will be available shortly.

Additional WAF Mitigation Method
Customers unable to immediately deploy the patch can also enable the built-in Web Application Firewall (WAF) feature to mitigate the vulnerability in SNWLID-2021-0001 on SMA 100 series 10.x devices.   

Please follow the guidance in the following KB article to enable WAF functionality: https://www.sonicwall.com/support/knowledge-base/210202202221923/

SonicWall is adding 60 complimentary days of WAF enablement to all registered SMA 100 series devices with 10.x code to enable this mitigation technique.  

While this mitigation has been found in our lab to mitigate SNWLID-2021-0001, it does *not* replace the need to apply the patch in the long term and should only be used as a safety measure until the patched firmware is installed.

Additional Notes

  • We currently are not aware of any forensic data that can be viewed by the user to determine whether a device has been attacked. However, we will post an update as we get more information.
  • Vulnerable virtual SMA 100 series 10.x images have been pulled from AWS and Azure marketplaces and updated images will be re-submitted as soon as possible. We expect the approval process to take several weeks. In the meantime, customers in Azure and AWS can update via incremental updates.
    Release notes for the firmware can be found in the downloads section of www.mysonicwall.com

UPDATE: FEBRUARY 3, 2021, 6. A.M. CST

SonicWall engineering teams continue to finalize the SMA 100 series 10.x patch that addresses the zero-day vulnerability. The new estimate for delivery is mid-day Feb. 3 (PST).

Meanwhile, as outlined below, you can enable the built-in Web Application Firewall (WAF) functionality on the SMA 100 series appliance to help protect against the vulnerability. Please follow the guidance in the following KB article to enable WAF functionality on the SMA 100 series appliance:https://www.sonicwall.com/support/knowledge-base/security-best-practice-for-configuring-web-application-firewall/210202202221923/.

UPDATE: FEBRUARY 2, 2021, 11. P.M. CST

The SMA 100 series 10.x patch announced yesterday to address the zero-day vulnerability is still undergoing final testing and our new estimate for delivery is early Feb. 3 (PST). 

Meanwhile, we have identified an additional mitigation to remediate the attack on the SMA 100 series 10.x firmware. The built-in Web Application Firewall (WAF) functionality has been observed in our testing to neutralize the zero-day vulnerability. Please follow the guidance in the following KB article to enable WAF functionality on the SMA 100 series appliance: https://www.sonicwall.com/support/knowledge-base/210202202221923/

SonicWall is adding 60 complimentary days of WAF enablement to all registered SMA 100 series devices with 10.X code in order to enable this mitigation technique. This 60-day license will be automatically enabled within “www.MySonicWall.com” accounts of registered SMA 100 series devices before the end of today, Feb. 2 (PST).

The Feb. 3 patch remains the definitive solution to the zero-day vulnerability.  The patch will include additional code-strengthening and should be applied immediately upon availability.

[+]UPDATE: February 1, 2021, 2.30 P.M. CST

[+]UPDATE: January 29, 2021, 5.30 P.M. CST

[+]UPDATE January 29, 2021. 7 A.M. CST.

[+]UPDATE January 27, 2021. 7 P.M. CST.

[+]UPDATE January 25, 2021. 5.30 P.M. CST.

[+]UPDATE: January 23, 2021, 9:30 P.M. CST.

[+]UPDATE: January 22, 2021. 10:15 P.M. CST.

Previous Article

An Avengers approach to cybersecurity is not ...

Next Article

End of Life for Old Versions of ...

0
Shares
  • 0
  • +
  • 0
  • 0
  • 0
  • 0

Related articles More from author

  • Sophos Logo
    Alerts & BugsSophos

    Advisory: Sophos Central Maintenance scheduled for Saturday, May 8th, 2021

    04/05/2021
    By admin
  • WatchGuard logo
    Alerts & BugsWatchGuard

    WatchGuard – Important Update on WPA and WPA2 Vulnerabilities

    16/10/2017
    By admin
  • Sophos Logo
    Alerts & BugsSophos

    Advisory: Sophos Central Maintenance scheduled for Saturday December 7th, 2019

    04/12/2019
    By admin
  • SonicWall Logo
    Alerts & BugsSonicWALL

    SonicWALL Product News

    25/02/2020
    By admin
  • Sophos Logo
    Alerts & BugsSophos

    Sophos Firewall XG false vulnerability scan on SSL VPN client

    03/09/2019
    By admin
  • WatchGuard logo
    Alerts & BugsWatchGuard

    WatchGuard: Action needed (AuthPoint) – Upgrade RD Web agent to v1.1.1.79 or higher by 26 August 2020

    03/08/2020
    By admin

  • NewsTrendMicro

    Trend Micro More Than Doubles Commitment to Underrepresented Persons in Cybersecurity

  • Sophos Logo
    Software UpdatesSophos

    Sophos Firewall Manager – SFM 17.1.0 GA Released

  • NewsSophos

    Sophos Intercept X Named Best Endpoint Security Solution by CRN®

Timeline

  • 29/03/2022

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

  • 03/03/2022

    Sophos: Important Product Lifecycle Updates

  • 01/03/2022

    Shoring up your cybersecurity posture in light of ongoing crisis

  • 23/02/2022

    WatchGuard Support Alert

  • 03/02/2022

    Sophos: Important Product Lifecycle Reminder

Sponsored Links

Latest Comments

  • Paul Sillars
    on
    21/06/2016
    I received this in an email this morning, it was the first I heard about it ...

    Dell Software Group sold to help fund looming EMC deal

  • Paul Sillars
    on
    20/06/2016
    This is going to be an interesting one to watch. Especially after today's announcement that ...

    Ingram Micro gets distribution access to Dell’s security range in Australia

Find us on Facebook

Firewall.News Logo

This site serves more as a reference point for some of the major security vendor's updates and product/press releases

It will never be a definitive list, but it helps our customers keep up to date and also allows us to express our comment and observations as well.

About us

  • PO Box 451, North Lakes, Queensland, 4509, Australia
  • [email protected]
  • Recent

  • Popular

  • Comments

  • Sophos Logo

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

    By admin
    29/03/2022
  • Sophos Logo

    Sophos: Important Product Lifecycle Updates

    By admin
    03/03/2022
  • Shoring up your cybersecurity posture in light of ongoing crisis

    By admin
    01/03/2022
  • WatchGuard logo

    WatchGuard Support Alert

    By admin
    23/02/2022
  • Dell SonicWALL Supermassive

    Ingram Micro gets distribution access to Dell’s security range in Australia

    By admin
    14/06/2016
  • Francisco Partners and Elliott Management to Acquire the Dell Software Group

    Dell Software Group sold to help fund looming EMC deal

    By admin
    21/06/2016
  • WatchGuard Firebox M500 – The Cure for HTTPS Performance Headaches

    By admin
    05/03/2015
  • Sophos Logo

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

    By admin
    29/03/2022
  • Paul Sillars
    on
    21/06/2016

    Dell Software Group sold to help fund looming EMC deal

    I received this in ...
  • Paul Sillars
    on
    20/06/2016

    Ingram Micro gets distribution access to Dell’s security range in Australia

    This is going to ...

Follow Me

  • Contact
  • About Us
  • Home