SonicWall issues revised SMA 100 firmware

Enterprise security device vendor SonicWall is urging customers to apply newly released patches for its SMA 100 series products, which earlier this year were found to contain admin credential leak and remote code execution vulnerabilities.

SonicWall said the updated firmware has “code-hardening fixes” that were identified during an internal code audit.

Apart from addressing the earlier zero-day vulnerabilities that are being exploited in the wild, the firmware also contains a roll-up of customer issue fixes that were not included in the patch released at the beginning of this month, SonicWall said.

The new 9.0 and 10.2 firmware applies to the SMA 200, 210, 400 and 410 physical and SMA 500v for Microsoft Azure and HyperV, Amazon Web Services, and vMWare ESXi virtual appliances.

Users should also apply multi-factor authentication using time-based one-time passwords for the SMA 100 series products as a safeguard against credential theft, SonicWall advised.