Hello, welcome to the Monday, June 14th, 2021 edition of the Sands and the Storm Center's Stormcast. My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida, but teaching virtually in Paris, France.

Whenever a vendor releases a security bulletin and patches that usually go with it, there's

usually a list of a warnable devices or vulnerable software versions that are affected and

that need to be updated.

The problem is that software or device versions that are no longer supported are often not listed, so it's

not really clear if those devices are vulnerable.

And apparently this happened with Sonic Wall VPN devices, in particular the Secure Remote

Access 4,600 devices. As CrowdStrike found out, these devices are

vulnerable to a problem that was patched in early 2019, even though that vulnerability was not

necessarily called out for these older devices.

There's also then some later updated guidance that apparently isn't quite correct.

Version 8 and 9 of the software that's running on these devices is vulnerable.

However, there was a version 9-005 that, according to some Sonic Wall advice, was not vulnerable, but Crowdstrike

found that it was indeed vulnerable, and that was the latest and only real current firmware

that's running on these SRA 4,600 devices.

So your only really mitigation here is throw out the old devices, buy yourself a new one that's running the 10-dot firmer, and that should then fix

this problem. And this is really not just a Sonic Wall problem. This is very common that

these end-of-life devices are no longer supported and vulnerabilities are no longer really made

public in these devices because, well, nobody really is testing them other than maybe the bad

guys. So always keep track of out-of and end of life devices and software in a network

and replace it as soon as possible.

...