Security News > 2021 > May > SonicWall Patches Command Injection Flaw in Firewall Management Application

SonicWall Patches Command Injection Flaw in Firewall Management Application
2021-05-31 13:04

SonicWall last week announced the availability of patches for a severe vulnerability in its Network Security Manager product.

NSM is a firewall management application that provides the ability to monitor and manage all network security services from a single interface, as well as to automate tasks to improve security operations.

SonicWall's platform is available both for on-premises deployments and as SaaS. Tracked as CVE-2021-20026 and featuring a CVSS score of 8.8, the recently patched vulnerability impacts on-premises versions of SonicWall NSM, but does not affect NSM SaaS versions.

The issue, SonicWall reveals in a security advisory, is an OS command injection flaw that could be exploited by an attacker who has already been able to authenticate to a vulnerable system.

"This critical vulnerability potentially allows a user to execute commands on a device's operating system with the highest system privileges," SonicWall explains.

The vulnerability impacts SonicWall NSM On-Prem 2.2.0-R10 and earlier releases, and was addressed with the release of NSM versions 2.2.1-R6 and 2.2.1-R6. In its advisory, SonicWall is urging all customers to apply the available patches as soon as possible, to ensure they remain protected.


News URL

http://feedproxy.google.com/~r/securityweek/~3/dJ3zZ7jj7HU/sonicwall-patches-command-injection-flaw-firewall-management-application

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-05-27 CVE-2021-20026 OS Command Injection vulnerability in Sonicwall Network Security Manager 2.2.0
A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request.
network
low complexity
sonicwall CWE-78
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Sonicwall 113 0 41 74 38 153