Security News > 2021 > May > SonicWall urges customers to 'immediately' patch NSM On-Prem bug

SonicWall urges customers to 'immediately' patch NSM On-Prem bug
2021-05-28 13:46

SonicWall urges customers to 'immediately' patch a post-authentication vulnerability impacting on-premises versions of the Network Security Manager multi-tenant firewall management solution.

The vulnerability tracked as CVE-2021-20026 affects NSM 2.2.0-R10-H1 and earlier and it was patched by SonicWall in the NSM 2.2.1-R6 and 2.2.1-R6 versions.

While the company did not mention an immediate danger of attackers exploiting this vulnerability or active in the wild exploitation, SonicWall is urging customers to patch their devices immediately.

"SonicWall customers using the on-premises NSM versions outlined below should upgrade to the respective patched version immediately," the company said.

In February, SonicWall patched an actively exploited zero-day impacting the SMA 100 series of SonicWall networking devices.

In March, SonicWall patched three more zero-days exploited in the wild and affecting the company's on-premises and hosted Email Security products.


News URL

https://www.bleepingcomputer.com/news/security/sonicwall-urges-customers-to-immediately-patch-nsm-on-prem-bug/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-05-27 CVE-2021-20026 OS Command Injection vulnerability in Sonicwall Network Security Manager 2.2.0
A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request.
network
low complexity
sonicwall CWE-78
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Sonicwall 113 0 41 74 38 153