Interesting articles on the exposure posed by the SSLVPN vulnerability in SonicWall firewalls
Larry
All-Knowing Sage ✭✭✭✭
Starting with Bleeping Computer:
And going directly to the source, the Bishop Fox article:
These two are "offset" (and I use that term lightly) by the following puff-piece in CRN:
I'm going to leave my musings out of this discussion. I've already voiced my opinion on this issue in other threads.
But I am interested in knowing if any of you in the Community are aware of other partners or clients who have some of these "under-served" devices.
Category: Entry Level Firewalls
0
Comments
Great stuff, thanks for that, waiting for part 3!
"if any of you in the Community are aware of other partners or clients who have some of these "under-served" devices."
While the 'if it ain't broke, don't fix it' mentality of most businesses still reigns, yes I am aware of a handful of these 'under-served' devices.
I read the articles with great interest.
Does Fortinet, for example, also have similar problems?
Fortinet is way ahead in some areas, but the amount of CVEs Fortinet products are creating is way higher than with SonicWall. Maybe FTNT is a more profitable target, dunno.
—Michael@BWC
A simple "count" of CVEs is not a fair comparison across vendors. "CVEs per <something>" would be fair, but the problem here is defining "<something>". Even if you compare just the UTM platforms from different vendors [rather than simply the entirety of their portfolio], if they do different things then the one that does more should be "allowed" more CVEs. I think it's basically impossible to do fairly :)
Good Article, thanks