Skip to main content

SonicWall VPN client hit with a RCE vulnerability

botnet
(Image credit: Shutterstock / Jaiz Anuar)

UPDATE: A SonicWall spokesperson told us, “SonicWall takes every disclosure or discovery seriously to help maintain the highest standards for product and technology integrity. As part of that commitment, SonicWall openly collaborates with third-party organizations and researchers to identify, investigate and mitigate emerging vulnerabilities before they impact end organizations, as was the case here."

"Organizations using SonicWall Global VPN client version 4.10.4.0314 or earlier should log in to MySonicWall.com with their approved credentials and upgrade to SonicWall Global VPN client version 4.10.5.1021. Alternatively, organizations can visit https://www.sonicwall.com/products/remote-access/vpn-clients/ to upgrade to the latest SonicWall Global VPN client.”

A security warning has been issued to anyone using SonicWall’s Global VPN Client v4.10.4.0314 or any of the earlier versions.

SonicWall has disclosed that specific versions of its traditional VPN client, that allows secure access to your corporate network, have an insecure library loading vulnerability. Also known as DLL hijacking, if successfully exploited, the vulnerability could allow an attacker to execute arbitrary commands or code on the compromised systems.

Earlier this month, SonicWall’s SonicOS, which is the operating system that powers its range of network security devices, was also hit by a vulnerability that affected its VPN login page.

SonicWall VPN 

While the company investigates the latest vulnerability, if you use SonicWall Global VPN client (GVC), you should update your client. SonicWall recommends switching to v4.10.5.1021 or later to mitigate the threat. 

  • Protect yourself while on the go with these best VPN services around today