SonicWall has validated and patched a post-authentication vulnerability (SNWLID-2021-0014) within the on-premises version of Network Security Manager (NSM). This vulnerability only impacts on-premises NSM deployments. SaaS versions of NSM are not affected.
This critical vulnerability potentially allows a user to execute commands on a device’s operating system with the highest system privileges (root).
SonicWall customers using the on-premises NSM versions outlined below should upgrade to the respective patched version immediately.
PSIRT Advisory ID: SNWLID-2021-0014
Affected versions: Network Security Manager (NSM) 2.2.0-R10-H1 and earlier