SonicWall urges customers to ‘immediately’ patch a post-authentication vulnerability impacting on-premises versions of the Network Security Manager (NSM) multi-tenant firewall management solution.
The vulnerability, tracked as CVE-2021-20026, affects NSM 2.2.0-R10-H1 and earlier, and SonicWall patched it in the NSM 2.2.1-R6 and 2.2.1-R6 versions.
SonicWall rated it 8.8/10 in severity. Authenticated attackers can exploit it for OS command injection in low-complexity attacks that don’t require user interaction.
“This critical vulnerability potentially allows a user to execute commands on a device’s operating system with the highest system privileges (root),” SonicWall explains.
"This vulnerability only impacts on-premises NSM deployments. SaaS versions of NSM are not affected."
While the company did not mention an immediate danger of attackers exploiting this vulnerability or any active in-the-wild exploitation, SonicWall is urging customers to patch their devices immediately.
SonicWall customers using the on-premises NSM versions outlined below should upgrade to the respective patched version immediately.
A SonicWall zero-day was spotted earlier this year, for which the company urged customers to patch immediately.