IMPORTANT: SonicWALL Vulnerability Patch for Remote Management

We don’t receive a lot of these kinds of messages from SonicWALL so when it came in it was treated with much suspicion.

The message can be found here: SonicWALL Security Advisory Announcement

Below is a quote with all of the tracking stuff removed from the URLs.

July 19, 2019
A message from Bob VanKirk, SVP and Chief Revenue Officer
Dear Philip,
Ensuring the security of our customers is a responsibility we take seriously at SonicWall and we work vigilantly to always keep our customers secure. To that end, I wanted to make you aware of the security advisory we released today. We will be communicating this information to our end users as well and posting messaging on our support and product notification pages. We have also developed materials that should be helpful to you and SonicWall end users, including step-by-step text and video instructions on how to update your SonicOS Firmware. Should you or a customer need immediate technical support, please open a support case online.

Mitigation Steps

For now, get in there and disable management on the X1 (WAN) interface.

  1. Log on to the admin portal from _inside_ production/management network
  2. Click on Network
  3. Click on Interfaces (usually comes up by default)
  4. Click the Edit button to the right of X1
    • B
  5. Remove any tick marks from HTTP and HTTPS
    • image
  6. Click OK
  7. Log off

Note that it does not matter what port the management portal is listening on, someone would find it!

As an alternative, one could set up a Firewall rule set that allows only our office IP address to have access to that port on the WAN interface. Normally, the only time we open this setting up is when we’re troubleshooting a firewall rule that does not seem to be working as expected.

A Rule of Thumb or Two

  1. Never, ever, open a management interface to the Internet unrestricted. Never
    • iDRAC, iLO, Intel RMM, any other such device included
  2. Update all edge devices. Pay for the support if need-be but keep them up to date.

Conclusion

We are in the process of checking all of our managed SonicWALL firewalls to make sure they are not accessible and are up to date.

Note that the SonicWALL site was offline for most of this morning. Co-incidence with the announcement? Not sure.

That being said, being safe is better than being sorry. 😉

Philip Elder
Microsoft High Availability MVP
MPECS Inc.
www.s2d.rocks !
Our Web Site
Our Cloud Service

Leave a comment

Your email address will not be published. Required fields are marked *