Cybersecurity specialists reported a severe vulnerability affecting the SonicWall Global VPN client. According to the report, successful exploitation of this flaw would enable dangerous attack scenarios.

Tracked as CVE-2021-20047, the vulnerability exists due to the insecure way the client searches for and loads DLL libraries. A local user can abuse this by placing a specially crafted DLL library on the exposed system to run arbitrary code after a privilege escalation condition.

This is a medium severity vulnerability and received a 7.7/10 score according to the Common Vulnerability Scoring System (CVSS).

The flaw resides in the following SonicWall Global VPN client versions: 4.10.0, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.4.0314, 4.10.5.1021 & 4.10.6.0913.

Exploitation of this vulnerability must be carried out locally, which further reduces the risk of exploitation. Still, administrators of affected deployments should update as soon as possible.
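The insecure DLL search described above can be audited by modelling the order in which Windows probes directories for a library requested by bare name. The following is an added example, not code from SonicWall or the original post; it assumes the standard search order with SafeDllSearchMode enabled, and the DLL name and install path in the demo are constructed placeholders, since the report names neither.

```python
"""Model the Windows DLL search order to spot directories where a planted
DLL would be loaded ahead of the legitimate copy (audit aid, added example)."""
import os
from pathlib import Path


def search_order(app_dir, system_dirs, cwd, path_dirs):
    """Order used for a bare-name load with SafeDllSearchMode enabled:
    application directory, system directories, current directory, PATH."""
    ordered, seen = [], set()
    for d in [app_dir, *system_dirs, cwd, *path_dirs]:
        key = os.path.normcase(os.path.normpath(str(d)))
        if key not in seen:  # duplicates add nothing to the audit
            seen.add(key)
            ordered.append(Path(d))
    return ordered


def planting_risks(dll_name, order, is_writable=None):
    """Walk the order until the DLL is found.

    Returns (resolved_dir, risky_dirs). risky_dirs are existing directories
    that the assessed account can write to and that are probed before the
    directory holding the real DLL; each one is a hardening target.
    If the DLL is never found, resolved_dir is None and every writable
    directory in the order is reported.
    """
    if is_writable is None:
        # Assumption: the script runs as the low-privileged account under review.
        is_writable = lambda d: os.access(d, os.W_OK)
    risky = []
    for d in order:
        if (d / dll_name).is_file():
            return d, risky
        if d.is_dir() and is_writable(d):
            risky.append(d)
    return None, risky


if __name__ == "__main__":
    # Constructed placeholders: the report does not name the DLL or paths.
    path_dirs = [p for p in os.environ.get("PATH", "").split(os.pathsep) if p]
    order = search_order(r"C:\Program Files\ExampleVpn",
                         [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"],
                         os.getcwd(), path_dirs)
    resolved, risky = planting_risks("example.dll", order)
    print("resolved from:", resolved)
    for d in risky:
        print("writable and searched first:", d)
```

Any directory it reports should have write access removed for standard users or be taken out of the search path.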

The post Important privilege escalation flaw in SonicWall Global VPN client: Patch immediately appeared first on Information Security Newspaper | Hacking News.
