SonicWall Network Security Manager (NSM)

SonicWall On-Prem Network Security Manager (NSM) is designed for centralized firewalls SonicWall management, threat and risk tracking in network traffic.

2021: Fix a vulnerability that allows an attacker to gain full control of the system

On July 1, 2021, Positive Technologies announced the discovery of a vulnerability that allows an authenticated attacker to gain full control over the SonicWall On-Prem Network Security Manager (NSM) system.

The error received ID CVE-2021-20026 and a rating of 8.8 on the CVSSv3 scale, which corresponds to a high level of danger. To exploit this vulnerability - implementing server operating system commands in a user request - attackers must be authenticated to NSM. In the event of a successful attack, the attacker can access both all the capabilities of the vulnerable platform SonicWall NSM within the organization, and the operating system on which it is deployed.

The vulnerability was fixed SonicWall in May 2021.

To attack a vulnerable device, authorization in the NSM system is enough even with a minimum level of privileges. The NSM SonicWall system can centrally manage hundreds of devices. Therefore, the consequences of interfering in its work can negatively affect the work of the organization until its protection from the outside world is completely disconnected or even stopped, business processes- said Nikita Abramov, an expert at PT - there is a risk that the attacker may limit access to the internal network of the organization, by blocking access to, VPN or by signing other policies for network traffic, completely stopping its passage through. firewall

Through its collaboration with Positive Technologies, SonicWall was able to confirm and correct the authentication vulnerability of SonicWall On-Prem Network Security Manager (NSM). The vulnerability affected only locally deployed versions of the product (on-premises) and did not affect the more common version of the SaaS. Affected partners and customers of the SonicWall were immediately informed of the patch and received instructions for updating in May 2021.

According to the researcher, from a technical point of view, the vulnerability is caused by insufficient filtering of input data and their direct transfer to the operating system for processing. These errors can be reduced or eliminated by implementing secure programming at all stages of the development cycle. However, because even automated checks sometimes miss code errors, conducting penetration tests before a product enters the market can increase confidence that certain vulnerabilities will be detected and resolved.

Vulnerabilities are affected SonicWall NSM On-Prem 2.2.0-R10 and earlier versions of the product. To fix the problem, the manufacturer recommends installing SonicWall NSM 2.2.1-R6.