Positive Technologies researcher Nikita Abramov has provided details about the CVE-2021-20026 command injection vulnerability that affects SonicWall’s Network Security Manager (NSM) product.
At the end of May, SonicWall urged its customers to ‘immediately’ address a post-authentication vulnerability, tracked as CVE-2021-20026, impacting on-premises versions of the Network Security Manager (NSM).
The vulnerability rated with an 8.8 severity score could be simply exploited without user interaction.
The flaw could be exploited by an authenticated attacker to perform OS command injection using a crafted HTTP request.
The flaw affects NSM version 2.2.0-R10-H1 and earlier, the security vendor addressed it with the release of NSM 2.2.1-R6 and 2.2.1-R6 (Enhanced) versions.
“This critical vulnerability potentially allows a user to execute commands on a device’s operating system with the highest system privileges (root),” SonicWall explains.
“SonicWall has validated and patched a post-authentication vulnerability (SNWLID-2021-0014) within the on-premises version of Network Security Manager (NSM). This vulnerability only impacts on-premises NSM deployments. SaaS versions of NSM are not affected.” reads the security advisory published by SonicWall. “This critical vulnerability potentially allows a user to execute commands on a device’s operating system with the highest system privileges (root).”
An attacker could exploit the vulnerability to execute arbitrary commands on the underlying operating system with root privileges.
The flaw was caused by the improper validation of input data which is directly passed to the operating system for processing.
Abramov explained that an attacker with authorization in NSM with a minimum level of privileges could potentially exploit the flaw to compromise the device.
“A successful attack on a vulnerable device requires authorization in NSM with a minimum level of privileges. SonicWall NSM allows centralized management of hundreds of devices. Tampering with this system may negatively impact a company’s ability to work, to the point of full disruption of its protection system and stopping of business processes.” said Nikita Abramov “As with Cisco ASA, successful attackers could disable access to the company’s internal network by blocking VPN connections, or write new network traffic policies thus fully preventing its checks by a firewall.”
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, SonicWall NSM)
[adrotate banner=”5″]
[adrotate banner=”13″]
The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by…
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
This website uses cookies.