
SonicWall Notice Concerning FireStorm Vulnerability

Dell SonicWALL Notice Concerning FireStorm Vulnerability

Dear Customer,

A security flaw code-named FireStorm was recently identified that could potentially leave many next-generation firewalls vulnerable. During an internal review, Dell SonicWALL discovered that our firewalls will allow SYN connections with data. Dell SonicWALL firewalls have full SPI capabilities, and most customers define the IP address and port number in the access rules first. This method has no vulnerability. Where a traffic pattern is used to block a connection instead of an IP address and port number, a FireStorm-type attack can bypass the traffic identification engine by sending SYN packets with data.

Dell SonicWALL has since added a new SonicOS option, “TCP SYN packet with data blocking,” to enable blocking of these packets. This new option can be found on the Firewall Settings > Flood Protection screen in the SonicOS management interface. This new capability will require a new SonicOS hotfix build (see below).
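For teams that want to see whether SYN packets with data appear in their own traffic, the following is an added detection example, not SonicWall code: it parses raw IPv4/TCP headers and reports initial SYNs that carry a payload. Treating only SYN-without-ACK as in scope, and the function names and sample packets, are assumptions made for this illustration.

```python
import struct

SYN, ACK = 0x02, 0x10

def syn_payload_len(packet: bytes) -> int:
    """Payload bytes carried by an initial IPv4 TCP SYN (SYN set, ACK clear), else 0."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return 0
    ihl = (packet[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack("!HHH", packet[2:8])
    if ihl < 20 or packet[9] != 6 or frag & 0x1FFF:
        return 0                      # bad header, not TCP, or a non-first fragment
    if total_len > len(packet) or total_len < ihl + 20:
        return 0                      # truncated capture or no room for a TCP header
    tcp = packet[ihl:total_len]       # slicing by total_len drops link-layer padding
    data_off = (tcp[12] >> 4) * 4
    if data_off < 20 or data_off > len(tcp):
        return 0
    flags = tcp[13]
    if flags & SYN and not flags & ACK:
        # Caveat: TCP Fast Open (RFC 7413) also puts data on a SYN legitimately.
        return len(tcp) - data_off
    return 0

def flag_syn_with_data(packets):
    """Return (index, payload_len) for every packet that is a SYN carrying data."""
    return [(i, n) for i, p in enumerate(packets) if (n := syn_payload_len(p))]

def build(flags: int, payload: bytes = b"") -> bytes:
    """Constructed IPv4+TCP test packet (documentation addresses, zero checksums)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + tcp

# Constructed sample traffic, not a real capture.
SAMPLES = [
    build(SYN),                              # normal handshake SYN
    build(SYN, b"GET / HTTP/1.1\r\n"),       # SYN carrying application data
    build(SYN | ACK, b"x"),                  # SYN-ACK, outside this check
    build(ACK, b"data"),                     # established-flow segment
    build(SYN) + b"\x00" * 6,                # bare SYN with link-layer padding
]

if __name__ == "__main__":
    for idx, size in flag_syn_with_data(SAMPLES):
        print(f"packet {idx}: SYN with {size} payload bytes")
```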

Dell SonicWALL Firewalls

TZ, NSA, E-Class NSA, SuperMassive

All versions prior to SonicOS 5.9

All versions prior to SonicOS 6.2

Recommended Action

Upgrade—HF168014-1o (or newer)
Upgrade (or newer)

Reported by

BugSec Group and Cynet

Additional Information

The latest hotfix versions are available from Dell Technical Support. Please contact Dell Technical Support if you experience any issues applying this security update.