SMB SSL-VPN - Does the jQuery vulnerability (CVE-2011-4969) affect SRA/SMA devices?

Description

Customers running vulnerability scans may receive reports indicating that the SRA/SMA is affected by CVE-2011-4969. More information about this vulnerability is available at the following link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969

Resolution

According to our engineering department, the SRA/SMA is not vulnerable to the jQuery vulnerability. Although the SRA uses an affected version of jQuery (1.4.2), it does not use location.hash within a jQuery selector, which is what exposes an application to a cross-site scripting (XSS) attack.

Although the SRA is not vulnerable, our engineers have patched the current jQuery version to be safe, based on this patch: https://bugs.jquery.com/ticket/9521.

This patch will be included in the next 8.1.0.4 and 8.5.0.1 firmware releases.
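
A version-based scanner finding like this one can be triaged by checking whether any page script actually feeds location.hash into a jQuery selector, which is the condition described above. The following is an added example, not SonicWall's code: the function name `findHashSelectors` and the sample scripts are constructed for illustration, and the matching is a line-based heuristic that follows only direct assignments from location.hash.

```javascript
// Added example (heuristic): flag lines where location.hash reaches a jQuery
// selector call, directly or through a variable assigned from location.hash.
const HASH_SRC = /(?:window\.|document\.)?location\.hash/;
const JQ_CALL = /(?:\$|jQuery)\s*\(\s*([^)]*)\)/g;
const ASSIGN = /(?:var|let|const)?\s*([A-Za-z_$][\w$]*)\s*=\s*[^=;]*location\.hash/;

// True when the call argument references the given variable name as a whole word.
function mentions(arg, name) {
  const escaped = name.replace(/\$/g, "\\$");
  return new RegExp("(^|[^\\w$.])" + escaped + "([^\\w$]|$)").test(arg);
}

function findHashSelectors(source) {
  const findings = [];
  const tainted = new Set(); // variables assigned from location.hash so far
  source.split(/\r?\n/).forEach((text, idx) => {
    const assign = ASSIGN.exec(text);
    if (assign) tainted.add(assign[1]);
    for (const call of text.matchAll(JQ_CALL)) {
      const arg = call[1];
      const viaVar = [...tainted].find((name) => mentions(arg, name));
      if (HASH_SRC.test(arg)) {
        findings.push({ line: idx + 1, reason: "direct", code: text.trim() });
      } else if (viaVar) {
        findings.push({ line: idx + 1, reason: "via " + viaVar, code: text.trim() });
      }
    }
  });
  return findings;
}

// Constructed sample scripts (not taken from any SRA/SMA firmware).
const SAMPLES = {
  direct: 'jQuery(function () {\n  $(window.location.hash).addClass("active");\n});',
  indirect: "var target = location.hash;\nif (target) {\n  $(target).show();\n}",
  safe: "var id = location.hash.slice(1);\nvar panel = document.getElementById(id);\nif (panel) { $(panel).show(); }",
};

for (const [name, src] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(findHashSelectors(src)));
}
```

An empty result across all first-party scripts supports treating the scanner report as a version match without an exposed code path; any finding should be reviewed by hand.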
