Security Experts:

Connect with us

Hi, what are you looking for?



Researcher Describes Potential Impact of Recently Patched SonicWall NSM Flaw

A researcher at Positive Technologies has described the potential impact of a recently addressed command injection vulnerability affecting SonicWall’s Network Security Manager (NSM) product.

A researcher at Positive Technologies has described the potential impact of a recently addressed command injection vulnerability affecting SonicWall’s Network Security Manager (NSM) product.

NSM is a firewall management application that provides the ability to monitor and manage all network security services from a single interface, as well as to automate tasks to improve security operations. The product is available for on-premises deployments or as a SaaS offering.

Tracked as CVE-2021-20026 and featuring a CVSS score of 8.8, the vulnerability was patched in May 2021. The security hole affects the on-premises versions of SonicWall NSM only and can be exploited through specially crafted HTTP requests sent to the vulnerable application.

An attacker looking to exploit the vulnerability needs to be authenticated to the vulnerable application. The attacker could then execute commands on the underlying operating system with root privileges.

The flaw was identified by Nikita Abramov, a researcher at Russian cybersecurity firm Positive Technologies, who explains that the issue exists due to insufficient filtering of input data, and because that data is directly sent to the operating system for processing.

An attacker able to exploit this vulnerability to inject OS commands could gain access to all the features that the vulnerable on-premises SonicWall NSM platform has to offer, as well as to the entire underlying operating system.

Even attackers with a minimum level of privileges could successfully exploit the vulnerability. Such an attack could result in the immediate compromise of the devices that SonicWall NSM is used to manage — the product can be used to manage hundreds of devices.

“Tampering with this system may negatively impact a company’s ability to work, to the point of full disruption of its protection system and stopping of business processes,” Abramov says.

The security bug impacts the 2.2.0-R10 and earlier releases of on-premises SonicWall NSM and it has been addressed with the release of NSM 2.2.1-R6, which SonicWall customers are encouraged to install.

“This vulnerability only impacts on-premises deployments and not the more common SaaS version of the NSM service. Impacted SonicWall partners and customers were quickly informed of the patch and were provided upgrade guidance in May 2021,” SonicWall PSIRT said.

Related: Attackers Leverage SonicWall VPN Flaw to Compromise SRA Appliances

Related: SonicWall Zero-Day Exploited by Ransomware Group Before It Was Patched

Related: Three Zero-Day Flaws in SonicWall Email Security Product Exploited in Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.


GoAnywhere MFT users warned about a zero-day remote code injection exploit that can be targeted directly from the internet