Lofi42

**Name of the Vulnerable Software and Affected Versions** SonicWall SSL-VPN NetExtender versions prior to 2.1.0.51 SonicWall SSL-VPN NetExtender versions 2.5.x prior to 2.5.0.56 **Description** The issue allows remote attackers to execute arbitrary code via a long Unicode property value in several parameters, including `serverAddress`, `sessionId`, `clientIPLower`, `clientIPHigher`, `userName`, `domainName`, or `dnsSuffix`. **Recommendations** For versions prior to 2.1.0.51, update to version 2.1.0.51 or later. For versions 2.5.x prior to 2.5.0.56, update to version 2.5.0.56 or later.

**Name of the Vulnerable Software and Affected Versions** SonicWall SSL-VPN 200 versions prior to 2.1 SonicWall SSL-VPN 2000/4000 versions prior to 2.5 WebCacheCleaner ActiveX control version 1.3.0.3 **Description** The issue allows remote attackers to delete arbitrary files via a full pathname in the argument to the `FileDelete` method. This is due to an absolute path traversal vulnerability in the WebCacheCleaner ActiveX control. **Recommendations** For SonicWall SSL-VPN 200 versions prior to 2.1, update to version 2.1 or later. For SonicWall SSL-VPN 2000/4000 versions prior to 2.5, update to version 2.5 or later. For WebCacheCleaner ActiveX control version 1.3.0.3, consider disabling the `FileDelete` method until a patch is available.