Security Advisory: Patched Vulnerability Impacting End-of-Life SRA Appliances

First Published: 06/15/2021 Last Updated: 06/15/2021

SonicWall is aware of a new vulnerability, reported by CrowdStrike, impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA 4600 running an old version of firmware (9.0.0.9-26sv or earlier).

In February 2021, SonicWall released SMA firmware 10.2.0.7 and 9.0.0.10 to fix a zero-day vulnerability, along with additional comprehensive code-strengthening. This strengthening proactively prevented this newly reported vulnerability in 9.0.0.10.

  • Organizations that already upgraded to the 9.0.0.10 firmware are already protected against this newly reported issue and don’t need to take any action.
  • Organizations with any 10.x version are not subject to this vulnerability as the vulnerable feature was deprecated in the 10.x release.
  • Organizations running any firmware versions older than 9.0.0.10 or 10.2.0.7 should, per our earlier instructions, upgrade immediately. These older versions may be exploited if left unpatched.
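
The three cases above can be applied to an appliance inventory with the following Python script, which is an added example and not SonicWall code; the hostnames and every version string other than 9.0.0.9-26sv are constructed. It compares versions numerically, because a plain string comparison ranks 9.0.0.10 below 9.0.0.9 and would mark a patched appliance as unpatched.

```python
import re

# Fixed releases named in the advisory.
FIXED_9X = (9, 0, 0, 10)
FIXED_10X = (10, 2, 0, 7)


def parse_firmware(version):
    """Turn a string such as '9.0.0.9-26sv' into a numeric tuple (9, 0, 0, 9)."""
    m = re.match(r"\s*(\d+(?:\.\d+){1,3})", version)
    if not m:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # pad short versions with zeros


def triage(version):
    """Return (exposed_to_this_issue, upgrade_needed) for one firmware string."""
    v = parse_firmware(version)
    if v[0] >= 10:
        # 10.x: the vulnerable feature was deprecated, but releases older
        # than 10.2.0.7 still lack the February 2021 fix.
        return (False, v < FIXED_10X)
    # 9.x and earlier: exposed until 9.0.0.10 is installed.
    exposed = v < FIXED_9X
    return (exposed, exposed)


def hosts_to_upgrade(inventory):
    """Return the sorted hostnames whose firmware needs an upgrade."""
    return sorted(host for host, fw in inventory if triage(fw)[1])


# Constructed inventory: hostnames are hypothetical, versions are sample values.
INVENTORY = [
    ("sra-branch-01", "9.0.0.9-26sv"),   # version string quoted in the advisory
    ("sra-branch-02", "9.0.0.10"),
    ("sma-hq-01", "10.2.0.2"),
    ("sma-hq-02", "10.2.0.7"),
]

if __name__ == "__main__":
    for host, fw in INVENTORY:
        exposed, upgrade = triage(fw)
        print(f"{host:15} {fw:14} exposed={exposed} upgrade={upgrade}")
```
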

SMA 9.0.0.10 firmware is openly available to customers running appliances that have reached end-of-life (EOL) status, including the aforementioned SRA 4600 appliance.

SonicWall continues to urge organizations to practice diligence in patching to help maintain a stronger security posture.

Organizations using SMA or SRA products should upgrade to the latest firmware release available via MySonicWall.com.

For step-by-step instructions on how to upgrade the firmware of your VPN appliance, please reference the following KB articles:

Please reach out to SonicWall Technical Support if you require assistance with the firmware upgrade process.
