CVE-2021-20026

Summary

A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions.

Affected Software

VendorProductVersion RangeStatus
SonicWallSonicWall NSM On-PremNSM On-Prem 2.2.0-R10 and earlieraffected

Weaknesses

  • CWE-78: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CVE Program Container

Additional References

References