Cybersecurity specialists reported a severe vulnerability affecting the SonicWall Global VPN client. According to the report, successful exploitation of this flaw would enable dangerous attack scenarios.

Tracked as CVE-2021-20047, the vulnerability exists due to the insecure way the client searches for and loads DLL libraries. Local users can abuse this by placing a specially crafted DLL library on the exposed system to run arbitrary code after a privilege escalation condition.

This is a medium severity vulnerability and received a 7.7/10 score according to the Common Vulnerability Scoring System (CVSS).

The flaw resides in the following SonicWall Global VPN client versions: 4.10.0, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.4.0314, 4.10.5.1021 & 4.10.6.0913.

Exploitation of this vulnerability must be done locally, which further reduces the risk of exploitation. Still, administrators of affected deployments are advised to update as soon as possible.
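Because the flaw depends on a local user being able to place a DLL in a directory that is searched at load time, a useful check alongside updating is to audit who can create files in those directories. The PowerShell script below is an added example, not code from SonicWall or from the original report. The report does not name the directory or DLL involved, so the script checks the application folder and every `PATH` entry in general, and the install path shown is a hypothetical placeholder.

```powershell
param(
    # Hypothetical install path (assumption); replace with the client's real directory.
    [string]$InstallDir = 'C:\Program Files\ExampleVpnClient'
)

# SIDs treated as trusted writers: SYSTEM, Administrators, TrustedInstaller.
$trusted = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)
$createFiles = [System.Security.AccessControl.FileSystemRights]::CreateFiles
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType     = [System.Security.Principal.SecurityIdentifier]

# Candidate directories: the application folder plus every PATH entry.
$dirs = @($InstallDir) + ($env:Path -split ';') |
    Where-Object { $_ } |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_).TrimEnd('\') } |
    Select-Object -Unique

foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A PATH entry that does not exist deserves review: check who could create it.
        [pscustomobject]@{ Directory = $dir; Principal = '-'; Finding = 'Directory does not exist' }
        continue
    }

    # Explicit and inherited ACEs, with identities returned as SIDs.
    $rules = (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType)

    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow')                    { continue }
        # Inherit-only ACEs apply to children, not to this directory itself.
        if (($ace.PropagationFlags -band $inheritOnly) -ne 0)      { continue }
        # CreateFiles is the right needed to drop a new file into the directory.
        if (($ace.FileSystemRights -band $createFiles) -eq 0)      { continue }
        if ($trusted -contains $ace.IdentityReference.Value)       { continue }

        [pscustomobject]@{
            Directory = $dir
            Principal = $ace.IdentityReference.Value   # SID of the non-admin writer
            Finding   = 'Non-admin principal can create files'
        }
    }
}
```

Any row reporting a principal such as `S-1-5-11` (Authenticated Users) or `S-1-5-32-545` (Users) identifies a directory whose permissions should be tightened or which should be removed from `PATH`.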


The post Important privilege escalation flaw in SonicWall Global VPN client: Patch immediately appeared first on Information Security Newspaper | Hacking News.
