Internet security organization SonicWall has promptly advised its customers to patch a critical vulnerability affecting the on-premises versions of its Network Security Manager (NSM) multi-tenant firewall management solution, as noted in its security advisory.
Critical Security Flaw in NSM firewall management:
According to security experts, the vulnerability is a post-authentication security flaw critically impacting NSM 2.2.0-R10-H1. It is tracked as CVE-2021-20026 and has scored 8.8/10 on the vulnerability security score.
While the vulnerability was previously patched in the SonicWall NSM 2.2.1-R6 and 2.2.1-R6 (Enhanced) versions, the new version of NSM being impacted by the security flaw raises severe cybersecurity concerns.
SonicWall has stated that successful exploitation of the vulnerability could give a malicious actor the ability to execute commands on a vulnerable system's OS in low-complexity attacks with the highest system privileges, i.e. root privileges.
Exploitation of the critical security flaw also does not require any user interaction, which makes it all the more severe.
“This vulnerability only impacts on-premises NSM deployments. SaaS versions of NSM are not affected,” says SonicWall.
While the internet security org has not disclosed details regarding any immediate danger or exploitation of the vulnerability in the wild, SonicWall strongly urges customers to patch the security flaw as early as possible.
“SonicWall customers using the on-premises NSM versions outlined below should upgrade to the respective patched version immediately,” said SonicWall in its security advisory.
A slew of security patches this year:
SonicWall has created quite a stir this year with the number of vulnerabilities being exploited within its appliances.
Many of them were zero-days that were reportedly being actively exploited in the wild.
Back in February, SonicWall also patched an actively exploited zero-day within the SMA 100 series.
According to Mandiant findings, another zero-day in the same SMA 100 series was targeted and exploited in two instances, one of which was to deploy the FiveHands ransomware.
The month of March also witnessed SonicWall patching another three zero-days impacting its on-premises and hosted Email Security (ES) products, which were also being exploited in the wild.