A security warning has been issued to anyone using SonicWall’s Global VPN Client v4.10.4.0314 or any of the earlier versions.
SonicWall has disclosed that specific versions of its traditional VPN client, that allows secure access to your corporate network, have an insecure library loading vulnerability. Also known as DLL hijacking, if successfully exploited, the vulnerability could allow an attacker to execute arbitrary commands or code on the compromised systems.
Earlier this month, SonicWall’s SonicOS, which is the operating system that powers its range of network security devices, was also hit by a vulnerability that affected its VPN login page.
While the company investigates the latest vulnerability, if you use SonicWall Global VPN client (GVC), you should update your client. SonicWall recommends switching to v18.104.22.1681 or later to mitigate the threat.
Surprisingly though at the time of filing, the Downloads page of the GVC still pointed users to the affected v4.9.22.
More details are awaited as the company analyses the vulnerability – TechRadar Pro has contacted SonicWall for comment.
- Protect yourself while on the go with these best VPN services around today