CVE-2021-20037

Published: Sep 21, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier.

Affected (1)

Products: Sonicwall: Global Vpn Client

1 product

Global Vpn Client

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sonicwall Global Vpn Client	Up to 4.10.5

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0024

Source: PSIRT@sonicwall.com

Vendor Advisory

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0024

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.