Researcher Describes Potential Impact of Recently Patched SonicWall NSM Flaw
2021-07-06 13:51

A researcher at Positive Technologies has described the potential impact of a recently addressed command injection vulnerability affecting SonicWall's Network Security Manager product.

The security hole affects the on-premises versions of SonicWall NSM only and can be exploited through specially crafted HTTP requests sent to the vulnerable application.

An attacker able to exploit this vulnerability to inject OS commands could gain access to all the features that the vulnerable on-premises SonicWall NSM platform has to offer, as well as to the entire underlying operating system.

Such an attack could result in the immediate compromise of the devices that SonicWall NSM is used to manage, and the product can be used to manage hundreds of devices.

The security bug impacts the 2.2.0-R10 and earlier releases of on-premises SonicWall NSM and it has been addressed with the release of NSM 2.2.1-R6, which SonicWall customers are encouraged to install.

"This vulnerability only impacts on-premises deployments and not the more common SaaS version of the NSM service. Impacted SonicWall partners and customers were quickly informed of the patch and were provided upgrade guidance in May 2021," SonicWall PSIRT said.


News URL

http://feedproxy.google.com/~r/securityweek/~3/gb04wrtrB1g/researcher-describes-potential-impact-recently-patched-sonicwall-nsm-flaw

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Sonicwall 122 6 86 43 32 167