Critical SonicWall Network Security Manager Flaw Let Attackers Perform OS Command Injection

https://gbhackers.com/sonicwall-network-security-manager-flaw/

SonicWall has notified all its customers about this risk and stated that every customer must patch the post-authentication vulnerability immediately.


The company claimed that it has not experienced any severe attacks and hopes to deliver reliable patches so that customers will not have to deal with any unwanted problems. That is why the company has urged every customer to keep patching their devices from time to time.

CVE: CVE-2021-20026.

However, this is not the first time SonicWall has been targeted by threat actors: several SonicWall zero-day vulnerabilities have been targeted by threat actors this year.

Flaw profile

Hackers Abused Several SonicWall Zero-Days

Apart from this, the same zero-day bug was again abused in attacks when threat actors targeted SonicWall's internal systems in January.

CVE SCORE: 8.8/10 severity rating.
IMPACTED VERSION: Network Security Manager (NSM) 2.2.0-R10-H1 and earlier.
PATCHED VERSION: Network Security Manager (NSM) 2.2.1-R6, Network Security Manager (NSM) 2.2.1-R6 (Enhanced).
PSIRT ADVISORY ID: SNWLID-2021-0014.

SonicWall keeps updating its patches from time to time, which is why it patched an actively exploited zero-day in February. Not only this, but a Mandiant threat analyst has tracked that a strong threat actor exploited a zero-day in SonicWall SMA 100 Series VPN appliances.

SonicWall's Network Security Manager lets users organize all firewall services error-free and then inspect all the threats and risks encountered across the firewall environment.

The post-authentication vulnerability significantly impacts on-premises versions of the Network Security Manager, so it will be quite easy for customers to get a proper solution in multi-tenant firewall management.

Not long after January, SonicWall again patched three zero-days that were exploited in the wild, all of them affecting the company's Email Security (ES) products.

However, security experts at SonicWall recently detected a flaw in SonicWall Network Security Manager that allows threat actors to perform OS command injection.