SonicOS 220.127.116.11-95n has been released
This update is documented as resolving two issues:
Resolved Issue Issue ID
OpenSSL DoS vulnerability (CVE-2022-0778). GEN6-3365
Exposure of wireless access point sensitive information via SNMP. GEN6-3322
Looking at the NIST NVD database for this CVE (https://nvd.nist.gov/vuln/detail/CVE-2022-0778), it shows a score of 7.5; however, the Details section reads:
This vulnerability has been modified and is currently undergoing reanalysis. Please check back soon to view the updated vulnerability summary.
At the same time, looking at the SonicWall Security Advisory Vulnerability page, https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002, the "fixed software" list includes the Gen 7 7.0.1-5052 update.
The thing is, there is no mention of the CVE in the Release Notes (version P) for this firmware release.
Has anyone implemented either version? Have you experienced any undesirable results?
I'm trying to determine if this is something that I need to rush out this weekend, or if I can (or should) wait another few weeks.