Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

SonicOS 6.5.4.10-95n has been released

LarryLarry All-Knowing Sage ✭✭✭✭

This update is documented as resolving two issues:

Resolved Issue                        Issue ID

OpenSSL DoS vulnerability (CVE-2022-0778).            GEN6-3365

Exposure of wireless access point sensitive information via SNMP.   GEN6-3322

Looking at the NIST NVD database for this CVE (https://nvd.nist.gov/vuln/detail/CVE-2022-0778), it shows a score of 7.5; however, the Details section reads:

Undergoing Reanalysis

This vulnerability has been modified and is currently undergoing reanalysis. Please check back soon to view the updated vulnerability summary.

At the same time, looking at the SonicWall Security Advisory Vulnerability page, https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002, the "fixed software" list includes the Gen 7 7.0.1-5052 update.

The thing is, there is no mention of the CVE in the Release Notes (version P) for this firmware release.

Has anyone implemented either version? Have you experienced any undesirable results?

I'm trying to determine if this is something that I need to rush out this weekend, or if I can (or should) wait another few weeks.

Category: Entry Level Firewalls
Reply
Sign In or Register to comment.