A researcher at Positive Technologies has provided details about CVE-2021-20026, a command injection flaw in SonicWall’s Network Security Manager (NSM). The flaw is rated with an 8.8 severity score and was patched in May 2021.
SonicWall advised users to 'immediately' fix the post-authentication vulnerability, which impacts on-premises versions of the Network Security Manager (NSM) multi-tenant firewall management solution and can be abused through specially crafted HTTP requests sent to the susceptible application.
An attacker could exploit the flaw to execute arbitrary commands on the underlying operating system with root privileges.
The security flaw was discovered by Nikita Abramov, a researcher at Russian cybersecurity firm Positive Technologies, who explains that the flaw exists due to improper validation of input data which is directly passed to the operating system for processing.
Abramov explained that an attacker with authorization in NSM with a minimum level of privileges could potentially exploit the flaw to compromise the product. By injecting OS commands, threat actors can gain access to all the features that the vulnerable on-premises SonicWall NSM platform has to offer, as well as to the entire underlying operating system.
NSM is a firewall management application that provides the ability to monitor and manage all network security services from a single interface, as well as to automate tasks to improve security operations. The product is available for on-premises deployments or as a SaaS offering.
“A successful attack on a vulnerable device requires authorization in NSM with a minimum level of privileges. SonicWall NSM allows centralized management of hundreds of devices. Tampering with this system may negatively impact a company’s ability to work, to the point of full disruption of its protection system and stopping of business processes,” Nikita Abramov stated.
The security flaw impacts the 2.2.0-R10 and earlier releases of on-premises SonicWall NSM and it has been addressed with the release of NSM 2.2.1-R6, which SonicWall customers are encouraged to install.
“As with Cisco ASA, successful attackers could disable access to the company’s internal network by blocking VPN connections, or write new network traffic policies thus fully preventing its checks by a firewall,” Abramov added.
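The affected and fixed releases named above can be turned into an inventory check for patch planning. This is an added example, not SonicWall or Positive Technologies code; the hostnames are constructed, and the assumption that the `-R<n>` suffix orders builds numerically is mine.

```python
import re

# Bounds from the article: 2.2.0-R10 and earlier are affected, 2.2.1-R6 is fixed.
LAST_AFFECTED = (2, 2, 0, 10)
FIRST_FIXED = (2, 2, 1, 6)
# Assumption: "-R<n>" is a numeric build suffix; a missing suffix is treated as R0.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:-R(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, patch, build), or None if the string is malformed."""
    m = _VERSION_RE.match(text)
    if m is None:
        return None
    return tuple(int(g or 0) for g in m.groups())


def classify(text):
    """Classify one on-premises NSM version string against the article's bounds."""
    v = parse_version(text)
    if v is None:
        return "unparsed"
    if v <= LAST_AFFECTED:
        return "affected"
    if v >= FIRST_FIXED:
        return "fixed"
    # The article does not cover builds between the two bounds: check the advisory.
    return "verify"


def triage(inventory):
    """Map {hostname: version} to {status: [hostnames]} for patch planning."""
    report = {"affected": [], "verify": [], "fixed": [], "unparsed": []}
    for host, version in sorted(inventory.items()):
        report[classify(version)].append(host)
    return report


if __name__ == "__main__":
    # Constructed sample inventory; hostnames are hypothetical.
    sample = {"nsm-hq": "2.2.0-R10", "nsm-lab": "2.2.1-R6",
              "nsm-dr": "2.2.1-R2", "nsm-old": "2.1.1-R3", "nsm-x": "unknown"}
    for status, hosts in triage(sample).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Hosts reported as `verify` or `unparsed` need a manual check against the vendor advisory rather than being assumed safe.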