Crowdstrike announces SRA 22.214.171.124 vulnerability
Craig_S Newbie ✭
I guess I've put off upgrading to an SMA long enough...
Category: Secure Mobile Access Appliances
Hey! You will be signed out in 60 seconds due to inactivity. Click here to continue using the site.
Thanks for the comment. This issue, CVE-2019-7481, was already addressed by a SonicWall PSIRT Advisory on 17 DEC 2019, updated on 5 March 2020.
Please look at https://psirt.global.sonicwall.com/vuln-list and search for the CVE to see the Advisory.
This vulnerability was found to affect SMA 100 systems running 126.96.36.199 and earlier. The fixed version is 188.8.131.52.
The currently available firmware, in the 9.0 feature set, is 184.108.40.206 available thru MySonicWall.com
This vulnerability did not affect the SMA 1000 product line.
I understand the the SMA line firmware has been fixed. This article is about the SRA product line, particularly the SRA 4600 running 220.127.116.11 which I was running up until this article came out. Now I'm anxiously awaiting the arrival of a new SMA to replace it.
I understand @Craig_S
I replied to ensure the comment is not misunderstood by other users.
As you know the SRA 4600 went End of Support on 1 November 2019.
A 9.0 settings file from an SRA 4600 should import into an SMA 400/410 running 10.2.
If you are replacing it with an SMA 200/210 you can open a support case for assistance converting that settings file to import into an SMA 200/210 after managing the capability differences. This is a new tool. We do not have a public link to this tool to my knowledge.
Thanks for the tip! We'll be replacing it with a SMA 410, so the transition should be painless.