SonicWall urges customers to ‘immediately’ patch a post-authentication vulnerability impacting on-premises versions of the Network Security Manager (NSM) multi-tenant firewall management solution. The vulnerability tracked as CVE-2021-20026 affects NSM 2.2.0-R10-H1 and earlier. SonicWall rated it with an 8.8/10 severity score and authenticated attackers can exploit it for OS command injection in low complexity attacks that don’t require user interaction.
Source: https://www.bleepingcomputer.com/news/security/sonicwall-urges-customers-to-immediately-patch-nsm-on-prem-bug/