June 6, 2023

SonicWall urges customers to ‘immediately’ patch a post-authentication vulnerability impacting on-premises versions of the Network Security Manager (NSM) multi-tenant firewall management solution.

The vulnerability tracked as CVE-2021-20026 affects NSM 2.2.0-R10-H1 and earlier and it was patched by SonicWall in the NSM 2.2.1-R6 and 2.2.1-R6 versions.

SonicWall rated it with an 8.8/10 severity score and authenticated attackers can exploit it for OS command injection in low complexity attacks that don’t require user interaction.

“This critical vulnerability potentially allows a user to execute commands on a device’s operating system with the highest system privileges (root),” SonicWall explains.

"This vulnerability only impacts on-premises NSM deployments. SaaS versions of NSM are not affected."

While the company did not mention an immediate danger of attackers exploiting this vulnerability or active in the wild exploitation, SonicWall is urging customers to patch their devices immediately.

SonicWall customers using the on-premises NSM versions outlined below should upgrade to the respective patched version immediately

Sonic wall Zero Day earlier this year spotted for which company urged the customers to patch immediately.

Tags:

Leave a Reply

You may have missed

Google Fixes Third Chrome Zeroday

Google Fixes Third Chrome Zeroday

June 6, 2023
Moveit Attributed to Lace Tempest

Moveit Attributed to Lace Tempest

June 6, 2023
Byte Code Bites PYPI

Byte Code Bites PYPI

June 5, 2023
Enzo Biochem Suffers a Data Breach

Enzo Biochem Suffers a Data Breach

June 5, 2023
BlackSuit Ransomware Dissection

BlackSuit Ransomware Dissection

June 4, 2023
TheCyberThrone CyberSecurity Newsletter Top 5 Articles – May, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – May, 2023

June 4, 2023
%d bloggers like this: