PT-2021-13734 · Sonicwall · Sonicwall Global Vpn Client

Published

2021-09-21

Updated

2021-10-05

CVE-2021-20037

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SonicWall Global VPN Client versions 4.10.5 and earlier

Description: The issue is related to incorrect default file permission in the SonicWall Global VPN Client installer, which can lead to privilege escalation and potentially allow command execution in the host operating system.

Recommendations: For SonicWall Global VPN Client versions 4.10.5 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2021-20037

Affected Products

Sonicwall Global Vpn Client

PT-2021-13734 · Sonicwall · Sonicwall Global Vpn Client

CVE-2021-20037

Weakness Enumeration

Related Identifiers

Affected Products

References · 4