Privilege Escalation in SonicWall Global VPN Client by Incorrect File Permissions
CVE-2021-20037

7.8 HIGH

Key Information:

Vendor: SonicWall
CVE Published: 21 September 2021

Summary

The SonicWall Global VPN Client installer, versions 4.10.5 and earlier, applies incorrect default file permissions. A local user can exploit this to escalate privileges and execute commands with elevated permissions on the host operating system, potentially compromising system integrity. Organizations using affected versions should consider immediate action to mitigate risks.

Affected Version(s)

SonicWall Global VPN Client 4.10.5 and earlier

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
