Skip to content

SonicWall Product Notice: Spectre & Meltdown Vulnerability Update

On Jan. 3, two processor vulnerabilities, known as Spectre and Meltdown, were published by Google’s Project Zero security team. Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and Arm. A successful exploit of this vulnerability allows an attacker to access sensitive information (e.g., passwords, emails, documents) inside protected memory regions on modern processors. Because the OS-level memory isolation is usually considered trustworthy, this data is most likely to appear in plaintext in memory when processed by the OS and applications. Your SonicWall customers are not susceptible to Spectre and Meltdown vulnerabilities. No updates are needed at this time. The SonicWall Capture Labs investigated the Spectre and Meltdown vulnerabilities and found the following:
  •  The full range of SonicWall TZ, NSA and SuperMassive firewalls are not vulnerable to the Meltdown or Spectre vulnerabilities.
  •  All other SonicWall products, including Email Security, Secure Mobile Access and Global Management System, also are not at risk. These products are hardened and do not run third-party code, which is a prerequisite for this attack.
  •  Signatures for SonicWall Gateway Anti-Virus (Exploit.Spectre.A) and Intrusion Prevention Service (IPS 13149: Suspicious Javascript Code) have been released to identify and defend the networks. Each are automatically applied to licensed firewalls with GAV and IPS enabled.
For additional details on Spectre and Meltdown vulnerabilities, as well as recommended action for third-party solutions, please review our detailed SonicAlert, the knowledge base (KB) support article and the SonicWall University Spectre & Meltdown video.
Previous article SonicWall’s Tiffany Haselhorst Joins 2020 CRN 100 Rising Female Stars List

More SonicWall News Posts

  • Product Security Notice:  SONICWALL SSL-VPN SMA100 Series Vulnerabilities
    December 7, 2023 Esther McNally

    Product Security Notice: SONICWALL SSL-VPN SMA100 Series Vulnerabilities

    SONICWALL SSL-VPN SMA100 version 10.X is affected by multiple vulnerabilities Overview CVE-2023-44221: Post Authentication OS Command Injection Vulnerability (CVSS Score: 7.2) Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege...

    Read now
  • Turn On Your MFA
    November 9, 2023 Esther McNally

    Turn On Your MFA

    With millions of stolen credentials currently up for sale, the time for stronger authentication is now. In “Star Trek: The Next Generation,” Jean-Luc Picard famously said, “It is possible to commit no mistakes and still lose.” This applies to many...

    Read now
  • Password Pro Tips
    November 7, 2023 Esther McNally

    Password Pro Tips

    A solid password is instrumental to keeping your important accounts and information safeguarded. October is typically associated with pumpkin spice lattes, college football, crunching leaves underfoot and ghostly fun, but did you know it’s also Cybersecurity Awareness Month? This is...

    Read now