Security Advisory: Patched Vulnerability Impacting End-of-Life SRA Appliances

First Published:06/15/2021 Last Updated:02/02/2022

Feb. 2 Update: An earlier version of this article indicated that firmware 9.0.0.10 would be compatibile with end-of-support (EOS) SRA models. Additional investigation has found that the supported 9.0.0.10 firmware and the unsupported SRA models are incompatible. The last SRA models reached EOS status in 2019 and are no longer supported per Terms of Service.


SonicWall is aware of a vulnerability, reported by CrowdStrike, impacting end-of-support Secure Remote Access (SRA) products, specifically the SRA 4600 running an old version of firmware (9.0.0.9-26sv or earlier).

SonicWall continues to urge organizations to practice diligence in patching to help maintain a stronger security posture.

For step-by-step instructions on how to upgrade the firmware of your VPN appliance and upgrade end-of-support appliances, please reference the following KB articles:

Please reach out to SonicWall Technical Support if you require assistance with the firmware upgrade process.

Information Regarding SMA

In February 2021, SonicWall released SMA firmware 10.2.0.7 and 9.0.0.10 to fix a zero-day vulnerability, along with additional comprehensive code-strengthening. This strengthening proactively prevented this reported vulnerability and was fixed in versions 9.0.0.10 and later.

  • Organizations that already upgraded to the 9.0.0.10 firmware or later are already protected against the reported issue and don’t need to take any action.
  • Organizations with any 10.x version are not subject to this vulnerability as the vulnerable feature was deprecated in the 10.x release.
  • Organizations running any firmware versions older than 9.0.0.10 or 10.2.0.7 should, per our earlier instructions, upgrade immediately. These older versions may potentially be exploited if not patched immediately.

Organizations using SMA products should upgrade to the latest firmware release available via MySonicWall.com. End-of-support SRA products must be upgraded to the latest hardware and firmware.

IMPORTANT: Adhering to industry best practices, SonicWall does not provide support (e.g., technical support, firmware updates/upgrades, hardware replacements) for products that have reached End-of-Support (EOS) status. View the SonicWall Product Lifecycle Table for more information.