SonicWall notice concerning OpenSSL defects including Man-in-the-Middle vulnerability (CVE-2014-0224)
Researchers have found multiple defects including a Man-in-the-Middle (MITM) vulnerability in versions 1.0.1 and 1.0.2-beta of OpenSSL, the cryptographic software library. For detailed information on the Man-in-the-Middle and other vulnerabilities see the OpenSSL website.
SonicWall Firewalls and GMS Are Not Affected
SonicWall firewalls (TZ, NSA, E-Class NSA, SuperMassive) and Global Management System (GMS) are NOT affected by the vulnerabilities. Additionally, firewalls with an active Intrusion Prevention Service have, as of June 5, 2014, signatures to protect servers against the vulnerabilities including MITM exploits.
SonicWall E-Class SRA Specific Software Versions Affected
E-Class Secure Remote Access (Aventail)
E-Class SRA Server Side Software
Software version 10.6.4 Software versions 10.7.0 and 10.7.1
Versions above are affected and should be patched immediately.
Apply Hotfix 10.6.4-388 For all 10.7.0 users, you must upgrade to 10.7.1 and apply the hotfix. Apply Hotfix 10.7.1-322
The SonicWall Email Security team is currently investigating which of the software components/versions are affected by the vulnerabilities and its impact. We will provide a comprehensive software patch shortly and send a notification to customers with registered Email Security products as soon as the patch is available. Please contact SonicWall Support if you have any concerns.