CVE-2021-20037

7.8HIGH

Key Information

Vendor
Sonicwall
Status
Sonicwall Global Vpn Client
Vendor
CVE Published:
21 September 2021

Summary

SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier.

Affected Version(s)

SonicWall Global VPN Client = Global VPN Client 4.10.5 and earlier

Refferences

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.