Positive Technologies has released more details about a vulnerability that its researcher, Nikita Abramov, discovered, which allows authenticated attackers to obtain full control of on-premises SonicWall Network Security Manager. NSM is designed to centralise management of SonicWall firewalls and track threats and risks in network traffic. According to IDC, SonicWall ranks fifth among manufacturers of hardware security tools worldwide.

This vulnerability, known as CVE-2021-20026, is rated as 'High' criticality and has a CVSSv3 score of 8.8. An attacker must be an authenticated SonicWall NSM user before they can exploit the vulnerability, which could allow criminals to inject OS commands in a user request, giving them access to all features of not only the vulnerable on-premises SonicWall NSM platform, but also the underlying operating system. This vulnerability was patched by SonicWall in May 2021.

"A successful attack on a vulnerable device requires authorisation in NSM with a minimum level of privileges," says Nikita Abramov, Positive Technologies researcher. "SonicWall NSM allows centralised management of hundreds of devices. Tampering with this system may negatively impact a company's ability to work, to the point of full disruption of its protection system and stopping of business processes," she says.

"As with Cisco ASA, successful attackers could disable access to the company's internal network by blocking VPN connections, or write new network traffic policies thus fully preventing its checks by a firewall."

SonicWall PSIRT added: "Through ongoing collaboration with Positive Technologies, SonicWall validated and patched a post-authentication vulnerability within the on-premises version of the Network Security Manager (NSM) service.

"This vulnerability only impacts on-premises deployments and not the more common SaaS version of the NSM service. Impacted SonicWall partners and customers were quickly informed of the patch and were provided upgrade guidance in May 2021."

From a technical standpoint, this vulnerability is caused by insufficient filtering of input data and its direct transfer to an operating system for processing. Such errors can be reduced or removed entirely by ensuring secure coding practices are adopted, reducing the propensity of coding weaknesses making it through the development lifecycle.
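The root cause named in the article (input passed to the operating system without sufficient filtering) is illustrated below as an added example; it is not SonicWall's code and does not describe the affected NSM feature. It assumes a hypothetical management-console "ping a device" diagnostic, and all function names and sample inputs are constructed for illustration.

```python
import ipaddress
import re
import shlex
import subprocess

# Hypothetical hostname rule: RFC 1123 labels, so no spaces, quotes,
# shell metacharacters, or leading "-" can appear.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def unsafe_command(target: str) -> str:
    """Weak pattern: request data pasted into a string meant for a shell."""
    return f"ping -c 1 {target}"


def shell_tokens(command: str) -> list[str]:
    """Tokenise roughly as a shell would, keeping operators such as ';'."""
    return list(shlex.shlex(command, punctuation_chars=True))


def validate_target(target: str) -> str:
    """Allow only an IP address literal or an RFC 1123 hostname."""
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    if len(target) <= 253 and _HOSTNAME.fullmatch(target):
        return target
    raise ValueError("target is not an IP address or hostname")


def safe_argv(target: str) -> list[str]:
    """Hardened pattern: validated value as one argv element, no shell."""
    return ["ping", "-c", "1", "--", validate_target(target)]


def run_diagnostic(target: str) -> subprocess.CompletedProcess:
    # A list argv with the default shell=False never reaches /bin/sh.
    return subprocess.run(safe_argv(target), capture_output=True,
                          text=True, timeout=5, check=False)


if __name__ == "__main__":
    crafted = "192.0.2.10; echo INJECTED"  # constructed sample input
    print(shell_tokens(unsafe_command(crafted)))  # ';' splits off a 2nd command
    print(safe_argv("192.0.2.10"))
```

The two controls are independent: the allow-list rejects unexpected input early, and passing an argument list without a shell means a value that slips past validation is still treated as a single argument.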