Security News > 2021 > May > SonicWall urges customers to 'immediately' patch NSM On-Prem bug
SonicWall urges customers to 'immediately' patch a post-authentication vulnerability impacting on-premises versions of the Network Security Manager multi-tenant firewall management solution.
The vulnerability tracked as CVE-2021-20026 affects NSM 2.2.0-R10-H1 and earlier and it was patched by SonicWall in the NSM 2.2.1-R6 and 2.2.1-R6 versions.
While the company did not mention an immediate danger of attackers exploiting this vulnerability or active in the wild exploitation, SonicWall is urging customers to patch their devices immediately.
"SonicWall customers using the on-premises NSM versions outlined below should upgrade to the respective patched version immediately," the company said.
In February, SonicWall patched an actively exploited zero-day impacting the SMA 100 series of SonicWall networking devices.
In March, SonicWall patched three more zero-days exploited in the wild and affecting the company's on-premises and hosted Email Security products.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-27 | CVE-2021-20026 | OS Command Injection vulnerability in Sonicwall Network Security Manager 2.2.0 A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. | 8.8 |