Options
BEAST CVE vulnerability
cyber_monkey
Newbie ✭
We are currently running SonicOS Enhanced 6.5.4.11-97n. I saw the below CVE affecting certain firewalls around this generation. Does anyone know if our firewall is vulnerable to this? And if so does anyone know how to disable the appropriate CBC ciphers?
Category: Entry Level Firewalls
Tagged:
1
Best Answer
-
OptionsCORRECT ANSWER
MustafaA
SonicWall Employee
Hi @cyber_monkey . This is an old CVE affecting our older firmware versions. Your current firmware 6.5.4.11-97n is not exposed to this vulnerability and more information is available on our Product Security Incident Response Team portal https://psirt.global.sonicwall.com/vuln-list
1
Answers
Hi @MustafaA, are you able to speak to this?
Hi @cyber_monkey, can I move this post from Content Filtering Client to Entry Level Firewalls?
that's fine @Community Manager
Thanks, @MustafaA.
I've included the direct link here: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0003
@cyber_monkey
6.5.4.11-97n was released a year ago (August 2022). There have been several interim maintenance releases since then.
6.5.4.12-101n was issued in April 2023.
And the reason you haven't upgraded is...
@Larry I would like to upgrade. I'm relatively new to the company and I am addressing these issues as I go. Any helpful upgrade guides? When will our version reach EOL?
@cyber_monkey , we always suggest our customers to keep the firmware up-to-date. Since all Gen6 firewalls are currently in Active Retirement Mode, there are bug or vulnerability fixes in each new firmware release. Hence, it is always a good idea to update the firewall as new firmware version is available.
Product Life Cycle Tables
https://www.sonicwall.com/support/product-lifecycle-tables
Also, each firmware version has Release Notes, which highlights what issues or vulnerabilities are fixed with it. You can download the firmware and the Release Notes via your MySonicWall.com account.
@MustafaA
Any chance we will need to upgrade from 6.5 to 7 ? Will there be a point where you are only supporting 7?
Yes, some of the Gen6 models will be end of life in2025 and the rest in 2026. Rather than waiting until the last minute, it might be a good idea to transition to Gen7 firewalls, which are more powerful (CPU, Memory etc.).
In the Product Lifecycle table the term is "End of Support" for end of life.
@cyber_monkey - just to be clear. You are running a Gen 6.5 device. To run a Gen 7 device you need to get a new device. There is no firmware upgrade path on the old hardware.
Currently, and through the end of the year (or while supplies last), SonicWall is offering a 3 & Free promotion for Gen 7 devices that now permits secure upgrade of existing SW firewalls as well as trade-ins from competitive vendors.
Contact your sales rep or channel account manager for more information.