Answers
Hi @Halon5 the SMA 500v is listed twice in my MSW Download Center, one is empty and the other one is filled with the releases.
--Michael@BWC
Hey @BWC ,
Has this been pulled?
@Halon5 something is not well with MSW, it's dead slow (spinning) and every 500v variant (VMware, Hyper-V) is listed twice.
10.2.1.3 and 10.2.0.9 which got released last week are not available anymore, which is irritating because I deployed them all over last week considering the many fixes it included.
--Michael@BWC
SMA 400 upgraded over the weekend to 10.2.0.9 and I see the same update now missing in the downloads
did they pull it ?????
what gives?
Yeah, something's up. The Nov 2021 update with version 10.2.1.3 has been pulled from the downloads section. However, we've already installed it because it showed EIGHT vulnerabilities listed under Resolved Issues in its release notes. Nothing has been posted on SonicWall's vulnerability list though: https://psirt.global.sonicwall.com/vuln-list
I opened a support ticket and asked why it was pulled
will keep you all posted
Here are the release notes from 10.2.1.3:
Hey @TX_IT , That was the concern for me....
response from sonicwall support
We had a note from engineering the build was pulled as some additional changes are needed for security vulnerabilities and they will be reposting the revision shortly (no eta given)
My question back
should I roll back to previous version?
waiting on a reply
Oh boy. 😬
Sonicwall should have notified us of an issue with the update and what we should do.
rollback? OK to leave the update installed or something else.....
I lost that warm fuzzy feeling.
Or...throw on an allow list of IPs @ the firewall again like we had to do back in January...
well it's been 2hrs and NO reply
I am going to roll back
fingers crossed
good luck everyone.
Charlie
Welp. Still crickets on a patch ETA in the support ticket I also opened up last week. 🤦♂️
last communication from sonicwall
Date: 12/1/2021 9:43:26 PM
Status: Activity
"I didnt see any kind of urgent alert to remove already existing deployments using it so It should be okay, they are going to repost the revision of it soon."
no updates no eta on release, this is exactly why we are moving away from sonicwall
The response I received this morning on our ticket:
"We dont have any engineering update
I think ill have to insist on you giving us a call to discuss if this is urgent for you "
Call me old-school, but I'm a fan of proper punctuation/capitalization in formal communication channels. [sigh]
10.2.0.9-41sv (with the same MD5 checksum) is back, 10.2.1.3 might follow.
--Michael@BWC
NINE vulnerability fixes listed in that one. 😳
This is the new one:
"SMA-3127 Vulnerability: SMA100 multiple management APIs are accessible without login."
Everything is better without login. 🥷 🤦♂️
Because it has the same checksum I would tend to say it was pulled for no reason then.
--Michael@BWC
CVEs now added:
EDIT - but only 8. 🤷♂️
But still no updated 10.2.1.3 update to download...
Product Notification:
"SonicWall has verified and patched vulnerabilities of critical and medium severity (CVSS 5.3-9.8) in SMA 100 series appliances, which include SMA 200, 210, 400, 410 and 500v products. SMA 100 series appliances with WAF enabled are also impacted by the majority of these vulnerabilities."
What do they mean by "also"??? This is rather confusing. Do the vulnerabilities impact ALL SMA 100 series appliances or ONLY ones with the WAF enabled? Come on, Comms folks!
UPDATE - One of the security researchers clarified my WAF question. All SMA 100 appliances are vulnerable, regardless of whether the WAF was enabled or not.
10.2.1.3-27sv is finally back up and its hashes match the previously uploaded file, too.