| SonicWall is committed to maintaining the privacy and security of personal information. For this reason, we are notifying you about a recent issue we discovered related to our hosted and on-prem Email Security products and Comprehensive Anti-Spam Service (CASS) used on next-generation firewalls. Because we value the importance of your privacy and information security, we are treating this matter very seriously. What happened? SonicWall recently became aware that Email Security (ES) 10.0.7, Hosted Email Security (HES) 10.0.7 and the SonicWall Comprehensive Anti-Spam Service allow recipients of emails to potentially view the email addresses included in the ‘BCC’ field if the recipient clicks on the header information of the email. Once SonicWall learned of the issue, we launched a full investigation into the scope of the incident and took corrective measures to address the matter. What information was involved? The only information potentially exposed are email address(es), if any, in the BCC line of the email header. This information is only available if the recipient accesses the header information of the email they receive. The BCC addresses are not accessible via emails sent as a reply to the original impacted email or if the impacted email is forwarded. What actions were taken? SonicWall takes the privacy and security of personal information seriously. As soon as SonicWall validated the issue, we moved quickly to ensure the 10.0.7 release for impacted products was removed from our site. In addition, we are releasing version 10.0.8 for our Email Security (on-premise), HES (cloud) and CASS products. The 10.0.8 release addresses the issue such that BCC email addresses will not be accessible by a recipient if you are using this release. What do customers using on-premise products need to do? • If your organization is using on-premise Email Security 10.0.7, we recommend you immediately discontinue the use of this version and either upgrade your firmware to release 10.0.8 or downgrade to release 10.0.6. • Email Security 10.0.8 will be rolled out on MySonicWall.com between now and September 21, 2020. Please review the KB article “How Do I Upgrade Firmware on an Email Security Appliance?” for assistance with the upgrade process or visit sonicwall.com/support. • If you’re unable to upgrade to 10.0.8 upon its release, SonicWall recommends downgrading to 10.0.6 until the upgrade can be completed. Please review the KB article, “How to Downgrade Firmware on an Email Security Appliance,” for assistance with the downgrade process or visit sonicwall.com/support. • SonicWall’s policies regarding support of prior release versions apply. What do customers using hosted products need to do? • HES is a cloud product and was automatically upgraded to 10.0.8 version on September 17, 2020. No further steps are necessary for customers using this product. • CASS is a cloud product and was automatically upgraded to 10.0.8 version on September 17, 2020. No further steps are necessary for customers using this product. Please note: All emails sent with addresses in the BCC field via HES, CASS and on-premise ES versions of 10.0.7 cannot be retroactively corrected with the update to 10.0.8. As a company, we value honesty and openness, which is why we wanted to assure you that steps have been taken to prevent a similar issue from occurring in the future. Please direct any questions to privacy@sonicwall.com. Thank you, SonicWall |
SONICWALL SSL-VPN SMA100 version 10.X is affected by multiple vulnerabilities Overview CVE-2023-44221: Post Authentication OS Command Injection Vulnerability (CVSS Score: 7.2) Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege...
With millions of stolen credentials currently up for sale, the time for stronger authentication is now. In “Star Trek: The Next Generation,” Jean-Luc Picard famously said, “It is possible to commit no mistakes and still lose.” This applies to many...
A solid password is instrumental to keeping your important accounts and information safeguarded. October is typically associated with pumpkin spice lattes, college football, crunching leaves underfoot and ghostly fun, but did you know it’s also Cybersecurity Awareness Month? This is...
Designed for home offices and lean branches, the TZ270 series deliver industry-validated security effectiveness with best-in-class price-performanc...
View full detailsThe SonicWall TZ570 series, is the first desktop-form factor next-generation firewall (NGFW) with 5 Gigabit Ethernet interfaces. Designed for mid...
View full detailsDesigned for small organizations and distributed enterprise with SD-Branch locations, the TZ470 series deliver industry-validated security effectiv...
View full detailsDesigned for small organizations and lean branches, the TZ370 series deliver industry-validated security effectiveness with best-in-class price-per...
View full detailsThe SonicWall TZ670 series, is the first desktop-form factor next-generation firewall (NGFW) with 10 Gigabit Ethernet interfaces. Designed for mi...
View full details
