SonicWall Notice Concerning Potential Back Doors into SonicWall Firewalls

Dell SonicWALL Notice Concerning Potential Back Doors into Dell SonicWALL Firewalls

Dear Customer,       

Over the past few weeks there has been a good deal of press coverage surrounding Juniper Networks related to an internal audit during which unauthorized code was discovered in ScreenOS that could be exploited by a knowledgeable attacker.  Juniper has since addressed the issue and has made patches available for the vulnerable versions of its ScreenOS.  This has to lead to speculation that products from other security vendors may be vulnerable to this type of unauthorized code integration.

Are Dell SonicWALL firewalls susceptible to this type of unauthorized code being added to SonicOS?

No. Dell SonicWALL has a strict software review cycle that does not allow unauthorized code to be added into SonicOS that could be exploited by a third party.

Can unauthorized versions of SonicOS be loaded onto Dell SonicWALL firewalls?

No. SonicOS, the firmware that runs on all Dell SonicWALL firewalls is signed, so only those versions that have been certified by our engineering and QA organizations can be loaded onto that specific Dell SonicWALL firewall model.

Does Dell SonicWALL leverage any third-party validation?

As part of the FIPS and Common Criteria certification process, Dell SonicWALL’s software development process including software change control processes are reviewed to ensure that Dell SonicWALL adheres to a strict process that does not allow any unauthorized code check-ins.

How do I report a vulnerability that may affect one of the Dell SonicWALL products?

Please use our vulnerability submission form or email ProductSecurity@software.dell.com if you believe to report a potential vulnerability in a Dell SonicWALL product.  For a full list of what is required when reporting a vulnerability to Dell SonicWALL: https://support.sonicwall.com/essentials/reporting-security-vulnerability