Notified:  September 20, 2007 Updated: November 05, 2007

Status

Affected

Vendor Statement

SSL-VPN 200 Platform The fix was made publicly available on 7/20/07 with the web-post of 2.1.0.0-8sv. The web-posted firmware contains version 2.1.0.51 of the NELaunchCtrl ActiveX control, which fixed the issue. SSL-VPN 2000/4000 Platform The fix was first made publicly available on 10/22/07 with the web-post of 2.5.0.0-9sv. The web-posted firmware contains version 2.5.0.53 of the NELaunchCtrl ActiveX control, which fixed the issue.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

These updates can be obtained from the SonicWall Support page. Please note that the client systems must connect to a NetExtender SSL VPN unit to obtain the fixed control. If you are unable to obtain a fixed version of the control, please disable the ActiveX control.