Cybersecurity specialists reported a severe vulnerability affecting the SonicWall Global VPN client. According to the report, successful exploitation of this flaw would enable dangerous attack scenarios.
Tracked as CVE-2021-20047, the vulnerability exists because the client searches for and loads DLL libraries in an insecure way. Local users can abuse this by placing a specially crafted DLL library on the exposed system to run arbitrary code after a privilege escalation condition.
This is a medium-severity vulnerability that received a score of 7.7/10 under the Common Vulnerability Scoring System (CVSS).
The flaw resides in the following SonicWall Global VPN client versions: 4.10.0, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.4.0314, 4.10.5.1021 and 4.10.6.0913.
Exploitation of this vulnerability must be done locally, which further reduces the risk of exploitation. Still, administrators of affected deployments should update as soon as possible.
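The insecure DLL search and load behaviour described above can be hunted for in image-load telemetry. The Python below is an added example, not code from SonicWall or the original report: it flags DLLs that a client process loads from outside trusted directories or without a valid signature. The executable name, install path and sample events are placeholders constructed for illustration; the field names follow Sysmon Event ID 7.

```python
from pathlib import PureWindowsPath

# Assumed values, not from the advisory: placeholder executable name and install path.
CLIENT_IMAGE = "vpnclient.exe"
TRUSTED_DIRS = (
    r"C:\Windows\System32",
    r"C:\Windows\SysWOW64",
    r"C:\Program Files\Example VPN Client",
)

def is_under(path, directory):
    """Component-wise, case-insensitive containment test for Windows paths."""
    p = PureWindowsPath(path)
    if ".." in p.parts:          # refuse unnormalised paths instead of guessing
        return False
    return PureWindowsPath(directory) in p.parents

def suspicious_loads(events):
    """Return (dll_path, reasons) for each questionable DLL load by the client."""
    findings = []
    for ev in events:
        if PureWindowsPath(ev["Image"]).name.lower() != CLIENT_IMAGE:
            continue
        dll, reasons = ev["ImageLoaded"], []
        if not any(is_under(dll, d) for d in TRUSTED_DIRS):
            reasons.append("outside trusted directories")
        if ev.get("Signed") != "true" or ev.get("SignatureStatus") != "Valid":
            reasons.append("no valid signature")
        if reasons:
            findings.append((dll, reasons))
    return findings

# Constructed sample events using Sysmon Event ID 7 (image load) field names.
EXE = r"C:\Program Files\Example VPN Client\vpnclient.exe"
SAMPLE_EVENTS = [
    {"Image": EXE, "ImageLoaded": r"C:\Windows\System32\helper.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": EXE, "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\helper.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": EXE, "ImageLoaded": r"C:\Program Files\Example VPN Client2\helper.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Windows\explorer.exe", "ImageLoaded": r"C:\Users\alice\x.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
]

if __name__ == "__main__":
    for dll, reasons in suspicious_loads(SAMPLE_EVENTS):
        print(dll, "->", ", ".join(reasons))
```

The third sample event shows why the path test is component-wise: a sibling directory whose name merely starts with the trusted install path is still reported.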