PT-2021-4029 · SonicWall · SonicWall NSM On-Prem

Nikita Abramov · Published 2021-05-27 · Updated 2021-06-08 · CVE-2021-20026

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SonicWall NSM On-Prem versions 2.2.0-R10 and earlier

Description

A vulnerability in SonicWall NSM On-Prem allows an authenticated remote attacker to perform OS command injection with a crafted HTTP request. The product fails to neutralize special elements used in an OS command, so specially crafted HTTP requests can execute arbitrary commands.

Recommendations

For versions 2.2.0-R10 and earlier, update to a version later than 2.2.0-R10 to resolve the issue. As a temporary workaround, consider restricting access to the HTTP request functionality to minimize the risk of exploitation.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2021-04556
CVE-2021-20026

Affected Products

SonicWall NSM On-Prem