Company finally rolls out the complete fix this week for a flaw affecting some 800,000 devices that could result in crashes or prevent users from connecting to corporate resources. An October patch for a critical remote code execution (RCE) bug in a SonicWall VPN appliance turned out to be insufficient. While the patch closed the RCE attack vector, the patch was incomplete, according to Tripwire s Vulnerability and Exposures Research Team (VERT) Craig Young said the initial patch for the vulnerability was botched, needing a one- or two-line fix.
Source: https://threatpost.com/sonicwall-botches-critical-vpn-bug/167152/