Important privilege escalation flaw in SonicWall Global VPN client: Patch immediately

Cybersecurity specialists reported a severe vulnerability affecting the SonicWall Global VPN client. According to the report, successful exploitation of this flaw could enable dangerous attack scenarios.

Tracked as CVE-2021-20047, the vulnerability exists because the client searches for and loads DLL libraries in an insecure way. Local users can abuse this by placing a specially crafted DLL library on the exposed system, escalating privileges and running arbitrary code.

This is a medium-severity vulnerability that received a score of 7.7/10 under the Common Vulnerability Scoring System (CVSS).

The flaw resides in the following SonicWall Global VPN client versions: 4.10.0, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.4.0314, 4.10.5.1021 & 4.10.6.0913.

Exploitation of this vulnerability must be done locally, which reduces the risk of exploitation. Still, administrators of affected deployments should update as soon as possible.
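
For fleet triage against the version list above, the following added example (not from the original report or from SonicWall) classifies rows of a software-inventory export. The CSV layout, host names, product-name substring, and the rule that a listed entry such as 4.10.2 covers every build beginning with 4.10.2 are assumptions.

```python
import csv
import io

# Affected versions exactly as listed in the article.
AFFECTED = ["4.10.0", "4.10.1", "4.10.2", "4.10.3", "4.10.4",
            "4.10.4.0314", "4.10.5.1021", "4.10.6.0913"]

PRODUCT_HINT = "global vpn client"  # assumed substring of the inventory display name


def parts(version):
    """Split '4.10.4.0314' into (4, 10, 4, 314); return None if not numeric."""
    try:
        return tuple(int(p) for p in version.strip().split("."))
    except ValueError:
        return None


def classify(version):
    """Return 'affected', 'not-listed' or 'unparsed' for one installed version."""
    installed = parts(version)
    if installed is None:
        return "unparsed"  # needs a manual look rather than a silent pass
    for entry in AFFECTED:
        listed = parts(entry)
        # Assumption: a listed entry covers every build whose leading components match it.
        if installed[:len(listed)] == listed:
            return "affected"
    return "not-listed"  # the article names no fixed version, so this is not "safe"


def triage(inventory_csv):
    """Return [(host, version, verdict)] for every Global VPN Client row."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], r["version"], classify(r["version"]))
            for r in rows if PRODUCT_HINT in r["product"].lower()]


# Constructed sample inventory export (hosts, products and versions are made up).
SAMPLE = """host,product,version
ws-001,SonicWall Global VPN Client,4.10.6.0913
ws-002,SonicWall Global VPN Client,4.10.2.0428
ws-003,SonicWall Global VPN Client,9.9.9.9
ws-004,Some Other VPN,4.10.4
ws-005,SonicWall Global VPN Client,4.10.x
"""

if __name__ == "__main__":
    for host, version, verdict in triage(SAMPLE):
        print(f"{host}\t{version}\t{verdict}")
```

Hosts reported as `not-listed` or `unparsed` still need their version checked against the vendor's advisory, since the list above only names affected builds.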
