03/26/2020
EX SSL-VPN: An attacker can impersonate a user session without verification of credentials on firmware version 10.6.4, 10.7.1 or 11.0.0
SonicWall notice concerning “User can access the Workplace without any authentication”.
SonicWall Engineering has found a potential security vulnerability that affects E-Class SRA v10.6.4, v10.7.1, and the new Secure Mobile Access v11.0. This design flaw could potentially enable an attacker to impersonate any legitimate user and access the network as if they were that user.
E-Class Secure Remote Access (Aventail)
It is important to state that there have been no reports that this flaw has been utilized by anyone to compromise an appliance. However, we are taking proactive action to alleviate the possibility of anyone taking advantage of this vulnerability.
SonicWall E-Class SRA Specific Software Version Affected
| E-Class SRA Server Side Software | Software version fix for 10.6.4, 10.7.1 and 11.0.0 |
| Impact | Versions above are affected and should be patched immediately. |
| Recommended Action | Hotfixes for the respective versions can be downloaded using the links below: |
- 10.6.4 Platform Fix: Hotfix for firmware 10.6.4 – Platform Fix
- 10.7.1 Platform Fix: Hotfix for firmware 10.7.1 – Platform Fix
- 11.0.0 Platform Fix: Hotfix for firmware 11.0.0 – Platform Fix
Note:
- All of these hotfixes have been QA tested and released as cumulative fixes that include previously addressed issues.
- These hotfixes are updated under the individual released hotfix link for 10.6.4