SonicWall urges customers to “immediately” patch a post-authentication vulnerability that impacts on-premises versions of the Network Security Manager (NSM) multi-tenant firewall management solution.
The CVE-2021-20026 vulnerability affects NSM 2.2.0-R10-H1 and previous versions, and it was patched by SonicWall in NSM 2.2.1-R6 and 2.2.1-R6 (Enhanced) versions. It has an 8.8/10 severity rating from SonicWall, and authenticated intruders can use it for OS command injection in low-complexity attacks that don’t require user interaction.
The SonicWall stated, “This critical vulnerability potentially allows a user to execute commands on a device’s operating system with the highest system privileges (root). This vulnerability only impacts on-premises NSM deployments, SaaS versions of NSM are not affected.”
SonicWall is urging consumers to patch their devices instantaneously, despite the fact that the business did not mention an immediate threat of attackers exploiting this vulnerability or active in the wild exploitation.
“SonicWall customers who are running the on-premises NSM versions listed below should upgrade to the patched version as soon as possible,” the company advised.
When requested for comment by Bleeping Computer, SonicWall refused to provide any specifics about the active exploitation of CVE-2021-20026, instead responded with the information in the security advisory.
Several SonicWall appliance vulnerabilities have been targeted by threat actors this year. Many of them are zero-days that were actively exploited in the wild before the company released fixes. SonicWall fixed an actively exploited zero-day vulnerability affecting the SMA 100 series of SonicWall networking devices in February.
A financially motivated threat actor, which was tracked down by Mandiant threat analysts as UNC2447, took advantage of another zero-day in SonicWall SMA 100 Series VPN appliances to spread newly found FiveHands ransomware on the networks of North American and European targets.
In January, the same zero-day bug was exploited in assaults targeting SonicWall’s internal systems, and it was afterward exploited indiscriminately in the wild. SonicWall patched three more zero-day vulnerabilities discovered in the wild in March, impacting the company’s on-premises and hosted Email Security (ES) products.
These zero-days were abused by a group known as UNC2682 to backdoor systems via BEHINDER web shells, allowing the attackers to travel laterally through their victims’ networks and access emails and files, as Mandiant discovered researching the attacks.
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.