This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
A researcher at Positive Technologies has provided details about the CVE-2021-20026 command injection flaw that exploits SonicWall’s Network Security Manager (NSM) device. The flaw tracked as CVE-2021-20026 is rated with an 8.8 severity score and was patched in May 2021.
SonicWall advised users to ‘immediately’ fix a post-authentication vulnerability impacting on-premises versions of the Network Security Manager (NSM) multi-tenant firewall management solution which can be abused through specially crafted HTTP requests sent to the susceptible application. An attacker could exploit the flaw to execute arbitrary commands on the underlying operating system with root privileges.
The security flaw was discovered by Nikita Abramov, a researcher at Russian cybersecurity firm Positive Technologies, who explains that the flaw exists due to improper validation of input data which is directly passed to the operating system for processing.
Abramov explained that an attacker with authorization in NSM with a minimum level of privileges could potentially exploit the flaw to compromise the product. Threat actors can exploit this flaw to inject OS commands which will help them in securing access to all the features that the vulnerable on-premises SonicWall NSM platform has to o
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: SonicWall Patches Critical CVE-2021-20026 Vulnerability in NSM Product