SMA500v : Downloads Unavailable?

I just get this?



Category: Secure Mobile Access Appliances

Answers

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @Halon5 the SMA 500v is listed twice in my MSW Download Center, one is empty and the other one is filled with the releases.


    --Michael@BWC

  • Halon5 Enthusiast ✭✭

    Hey @BWC ,

    Has this been pulled?



  • BWC Cybersecurity Overlord ✭✭✭

    @Halon5 something is not well with MSW, it's dead slow (spinning) and every 500v variant (VMware, Hyper-V) is listed twice.

    10.2.1.3 and 10.2.0.9 which got released last week are not available anymore, which is irritating because I deployed them all over last week considering the many fixes it included.

    --Michael@BWC

  • SMA 400 upgraded over the weekend to 10.2.0.9 and I see the same update now missing in the downloads

    did they pull it ?????

    what gives?

  • TX_IT Enthusiast ✭✭

    Yeah, something's up. The Nov 2021 update with version 10.2.1.3 has been pulled from the downloads section. However, we've already installed it because it showed EIGHT vulnerabilities listed under Resolved Issues in its release notes. Nothing has been posted on SonicWall's vulnerability list though: https://psirt.global.sonicwall.com/vuln-list

  • I opened a support ticket and asked why it was pulled

    will keep you all posted

  • TX_IT Enthusiast ✭✭

    Here are the release notes from 10.2.1.3:


  • Halon5 Enthusiast ✭✭
    edited December 2021
  • response from sonicwall support

    We had a note from engineering the build was pulled as some additional changes are needed for security vulnerabilities and they will be reposting the revision shortly (no eta given)


    My question back

    should I rollback to previous version?

    waiting on a reply

  • Sonicwall should have notified us of an issue with the update and what we should do.

    rollback? OK to leave the update installed or something else.....

    I lost that warm fuzzy feeling.

  • TX_IT Enthusiast ✭✭

    Or...throw on an allow list of IPs @ the firewall again like we had to do back in January...

  • Charlie_L235 Newbie ✭
    edited December 2021

    well it's been 2hrs and NO reply

    I am going to rollback

    fingers crossed

    good luck everyone.

    Charlie

  • TX_IT Enthusiast ✭✭

    Welp. Still crickets on a patch ETA in the support ticket I also opened up last week. 🤦‍♂️

  • Charlie_L235 Newbie ✭
    edited December 2021

    last communication from sonicwall

    Date: 12/1/2021 9:43:26 PM

    Status: Activity

    "I didnt see any kind of urgent alert to remove already existing deployments using it so It should be okay, they are going to repost the revision of it soon."

    no updates no eta on release, this is exactly why we are moving away from sonicwall

  • TX_IT Enthusiast ✭✭

    The response I received this morning on our ticket:

    "We dont have any engineering update

    I think ill have to insist on you giving us a call to discuss if this is urgent for you "

    Call me old-school, but I'm a fan of proper punctuation/capitalization in formal communication channels. [sigh]

  • BWC Cybersecurity Overlord ✭✭✭
    edited December 2021

    10.2.0.9-41sv (with the same MD5 checksum) is back, 10.2.1.3 might follow.

    --Michael@BWC

  • TX_IT Enthusiast ✭✭

    NINE vulnerability fixes listed in that one. 😳

    This is the new one:

    "SMA-3127 Vulnerability: SMA100 multiple management APIs are accessible without login."

  • BWC Cybersecurity Overlord ✭✭✭

    Everything is better without login. 🥷 🤦‍♂️

    Because it has the same checksum I would tend to say it was pulled for no reason then.

    --Michael@BWC

  • TX_IT Enthusiast ✭✭
    edited December 2021

    CVEs now added:

    EDIT - but only 8. 🤷‍♂️

  • TX_IT Enthusiast ✭✭

    But still no updated 10.2.1.3 update to download...

  • TX_IT Enthusiast ✭✭
    edited December 2021

    Product Notification:

    "SonicWall has verified and patched vulnerabilities of critical and medium severity (CVSS 5.3-9.8) in SMA 100 series appliances, which include SMA 200, 210, 400, 410 and 500v products. SMA 100 series appliances with WAF enabled are also impacted by the majority of these vulnerabilities."

    What do they mean by "also"??? This is rather confusing. Do the vulnerabilities impact ALL SMA 100 series appliances or ONLY ones with the WAF enabled? Come on, Comms folks!

  • TX_IT Enthusiast ✭✭

    UPDATE - One of the security researchers clarified my WAF question. All SMA 100 appliances are vulnerable, regardless of whether the WAF was enabled or not.

  • TX_IT Enthusiast ✭✭

    10.2.1.3-27sv is finally back up and its hashes match the previously uploaded file, too.
