PT-2024-31568 · Sonicwall · Sonicwall Connect Tunnel

Hashim Jawad · Published 2024-10-10 · Updated 2024-10-16 · CVE-2024-45316

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SonicWall Connect Tunnel Windows client, versions 12.4.3.271 and earlier.

Description: The issue allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation. The cause is improper link resolution before file access, also known as 'Link Following'.

Recommendations: For the SonicWall Connect Tunnel Windows client, versions 12.4.3.271 and earlier, update to a version later than 12.4.3.271 to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and folders to minimize the risk of exploitation.

Fix

Link Following

Weakness Enumeration

Related Identifiers

CVE-2024-45316
ZDI-24-1334

Affected Products

Sonicwall Connect Tunnel