SonicWall Patches Critical CVE-2021-20026 Vulnerability in NSM Product

  A researcher at Positive Technologies has provided details about the CVE-2021-20026 command injection flaw that exploits SonicWall’s Network Security Manager (NSM) device. The flaw tracked as CVE-2021-20026 is rated with an 8.8 severity score and was patched in May 2021.  SonicWall advised users to ‘immediately’ fix a post-authentication vulnerability impacting on-premises versions of the Network […]

Continue Reading

SonicWall addresses critical CVE-2021-20026 flaw in NSM devices

Positive Technologies experts provide details about potential impact of a recently fixes command injection flaw in SonicWall NSM devices. Positive Technologies researcher Nikita Abramov has provided details about the CVE-2021-20026 command injection vulnerability that affects SonicWall’s Network Security Manager (NSM) product. At the end of May, SonicWall urged its customers to ‘immediately’ address a post-authentication vulnerability, tracked […]

Continue Reading

SonicWall NSa and NSsp firewall models accelerate network throughput, stop advanced cyberattacks

SonicWall announced three new high-performance firewall models for enterprises and large organizations — NSa 4700, NSa 6700 and NSsp 13700 — designed to accelerate network throughput, stop advanced cyberattacks like ransomware, and securely connect millions of users. Featuring some of the highest port densities in their class, the new appliances help enterprises keep pace with […]

Continue Reading

SonicWall finally fixed a flaw resulting from a partially patched 2020 zero-day

A critical vulnerability, tracked as CVE-2021-20019, in SonicWall VPN appliances was only partially patched last year and could allow a remote attacker to steal sensitive data. In October last year, experts reported a critical stack-based Buffer Overflow vulnerability, tracked as CVE-2020-5135, in SonicWall Network Security Appliance (NSA) appliances. At the time of the discovery, security experts from the Tripwire VERT […]

Continue Reading

Ransomware attackers are leveraging old SonicWall SRA flaw (CVE-2019-7481)

Since the beginning of the year, various cyber attackers leveraged a slew of zero-day vulnerabilities to compromise different SonicWall solutions. Crowdstrike now warns that a cyber-criminal group is exploiting CVE-2019-7481 – an older SQL injection vulnerability affecting SonicWall Secure Remote Access (SRA) 4600 devices running firmware versions 8.x and 9.x – to penetrate organizations’ networks. […]

Continue Reading

SonicWall Urges Customers to ‘immediately’ Patch NSM On-Prem Bug

  SonicWall urges customers to “immediately” patch a post-authentication vulnerability that impacts on-premises versions of the Network Security Manager (NSM) multi-tenant firewall management solution. The CVE-2021-20026 vulnerability affects NSM 2.2.0-R10-H1 and previous versions, and it was patched by SonicWall in NSM 2.2.1-R6 and 2.2.1-R6 (Enhanced) versions. It has an 8.8/10 severity rating from SonicWall, and […]

Continue Reading

SonicWall fixes an NSM On-Prem bug, patch it asap!

SonicWall urges customers to address a post-authentication flaw that affects on-premises versions of the Network Security Manager (NSM). SonicWall urges customers to ‘immediately’ address a post-authentication vulnerability, tracked as CVE-2021-20026, impacting on-premises versions of the Network Security Manager (NSM). The vulnerability rated with an 8.8 severity score could be simply exploited without user interaction. The flaw could […]

Continue Reading

New FiveHands Ransomware Deploy Into SonicWall Internal System

  Earlier this year, money-oriented cybercriminals leveraged a zero-day vulnerability that has been introduced by SonicWall in its Secure Mobile Access (SMA) 100 Series VPN appliances to install advanced ransomware studied as FiveHands, victims are reported to be North American and European networks.  The operation was traced by FireEye’s Mandiant cyber analysts as “UNC2447’’. Analysts […]

Continue Reading