Skip to content

SonicWALL: Wind River VxWorks and URGENT/11: Patch Now

Notice: SonicWall physical firewall appliances running certain versions of SonicOS utilize third-party TCP/IP code for remote management that contain vulnerabilities named URGENT/11. At this time, there is no indication that the discovered vulnerabilities are being exploited in the wild, however:

SonicWall STRONGLY advises to apply the SonicOS patch immediately. Patches are available for all recent SonicOS versions. Detailed instructions are provided in the Security Advisory.

SonicWall provides the patched versions of SonicOS at no charge, including for customers not currently covered by an active support contract. SonicWall also recommends updating to the latest SonicOS release (, which provides firewall capabilities to help protect other devices vulnerable to URGENT/11.

Wind River VxWorks and URGENT/11 vulnerabilities

Security researchers at Armis have discovered and responsibly disclosed 11 vulnerabilities in the TCP/IP stack of Wind River’s VxWorks real-time operating system, which is utilized by millions of devices around the world, as well as in space, on Mars and in certain versions of SonicOS. The Wind River VxWorks TCP/IP stack, named IPNET, contains vulnerabilities that have been given the name “URGENT/11.”  The one material vulnerability type that impacted SonicOS is addressed by the patch releases.

Unmanageable & un-patchable: The Wild West of IoT

Wind River VxWorks is a real-time operating system that is widely used in IoT and embedded applications, such as networking, telecom, automotive, medical, industrial, consumer electronics, aerospace and beyond.

While firewalls are charged with protecting perimeters of organizations, they are actively managed and monitored devices, frequently from a central location. For every firewall, there is a human who wakes up each morning with a question, “Is my firewall working? Is it up to date?” Within days of an update becoming available, these humans schedule a maintenance window and close the security gap.

However, for the overwhelming majority of other devices connected or exposed to the internet, there is no such human, and the number of these IoT devices is larger than that of firewalls by several orders of magnitude. It is this multitude of connected devices that are not actively managed or patched that poses an iceberg-like risk to the internet.

Vulnerabilities are eventually discovered for even the best software, and the security of the internet and the online ecosystem relies on the ability to roll out and deploy the fixes.

In the mid-year update to the 2019 SonicWall Cyber Threat Report, SonicWall Capture Labs threat researchers have already logged 13.5 million IoT attacks, which outpaces the first two quarters of 2018 by 54.6%.

This reality is taking hold in the minds not only of security practitioners, but also of government regulators, as the hundreds of millions of IoT devices are found to be vulnerable and remain unpatched.

This is one of the risky underbellies of the internet, led by the explosion of IoT devices, including consumer-grade devices that are frequently deployed at the edge of the internet and then forgotten for a decade. IoT’s broad reach should reverberate through several industries as a wakeup call.

‘Never stop patching’

The weaponization of published vulnerabilities against old software serves as an important reminder that customers should never procrastinate software updates, which are one of the most important steps you can take to secure your infrastructure against today’s rapidly-evolving threat landscape.

Do not ignore them or put them off. Patch now. And never stop patching.

Previous article SonicWall’s Tiffany Haselhorst Joins 2020 CRN 100 Rising Female Stars List

More SonicWall News Posts

  • Product Security Notice:  SONICWALL SSL-VPN SMA100 Series Vulnerabilities
    December 7, 2023 Esther McNally

    Product Security Notice: SONICWALL SSL-VPN SMA100 Series Vulnerabilities

    SONICWALL SSL-VPN SMA100 version 10.X is affected by multiple vulnerabilities Overview CVE-2023-44221: Post Authentication OS Command Injection Vulnerability (CVSS Score: 7.2) Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege...

    Read now
  • Turn On Your MFA
    November 9, 2023 Esther McNally

    Turn On Your MFA

    With millions of stolen credentials currently up for sale, the time for stronger authentication is now. In “Star Trek: The Next Generation,” Jean-Luc Picard famously said, “It is possible to commit no mistakes and still lose.” This applies to many...

    Read now
  • Password Pro Tips
    November 7, 2023 Esther McNally

    Password Pro Tips

    A solid password is instrumental to keeping your important accounts and information safeguarded. October is typically associated with pumpkin spice lattes, college football, crunching leaves underfoot and ghostly fun, but did you know it’s also Cybersecurity Awareness Month? This is...

    Read now