@BWC 5051 appeared this week. 5050 was deleted from MSWL Downloads without a comment.
But today i have a email urgent advisory. They should sync their order of recommendations !?!
-----------------------
SonicWall PSIRT has confirmed that an unauthenticated Stack-based Buffer Overflow in SonicOS potentially leads to firewall crash, denial of service (DoS) or remote code execution (RCE).
SonicWall PSIRT is not aware of active exploitation against this vulnerability in the wild.
Please carefully review the knowledge base (KB) article and follow guidance for immediate firmware upgrade.
OVERVIEW
• Advisory ID: SNWLID-2022-0003
• Product(s): Gen 7 TZ, NSa, NSsp and NSv firewalls; Gen 6.5 NSv firewalls
• Impacted Version(s): 7.0.1-5050 and earlier; 7.0.1-R579 and earlier (Gen 7 NSsp 15700 only); 6.5.4.4-44v-21-1452 and earlier (Gen 6.5 NSv only)
• Fixed Version(s): 7.0.1-5051 and later; 6.5.4.4-44v-21-1519 and later
• CVSS: 9.4 (Critical)
• Exploitation: None observed.
• Notes: SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a proof of concept (POC) have been made public, nor has malicious use of this vulnerability been reported to SonicWall.
Answers
@LitBobOn as mentioned over here, go for it ASAP.
--Michael@BWC
@BWC 5051 appeared this week. 5050 was deleted from MSWL Downloads without a comment.
But today i have a email urgent advisory. They should sync their order of recommendations !?!
-----------------------
SonicWall PSIRT has confirmed that an unauthenticated Stack-based Buffer Overflow in SonicOS potentially leads to firewall crash, denial of service (DoS) or remote code execution (RCE).
SonicWall PSIRT is not aware of active exploitation against this vulnerability in the wild.
Please carefully review the knowledge base (KB) article and follow guidance for immediate firmware upgrade.
OVERVIEW
• Advisory ID: SNWLID-2022-0003
• Product(s): Gen 7 TZ, NSa, NSsp and NSv firewalls; Gen 6.5 NSv firewalls
• Impacted Version(s): 7.0.1-5050 and earlier; 7.0.1-R579 and earlier (Gen 7 NSsp 15700 only); 6.5.4.4-44v-21-1452 and earlier (Gen 6.5 NSv only)
• Fixed Version(s): 7.0.1-5051 and later; 6.5.4.4-44v-21-1519 and later
• CVSS: 9.4 (Critical)
• Exploitation: None observed.
• Notes: SonicWall PSIRT is not aware of active exploitation in the wild. No reports of a proof of concept (POC) have been made public, nor has malicious use of this vulnerability been reported to SonicWall.
----------------------
---another weekend with SNWL :-(
--Thomas
Of course 5050 has a bug: it's been stable and fast for me...