SonicWall VPN client hit with a RCE vulnerability

(Image credit: Shutterstock / Jaiz Anuar)

UPDATE: A SonicWall spokesperson told us, “SonicWall takes every disclosure or discovery seriously to help maintain the highest standards for product and technology integrity. As part of that commitment, SonicWall openly collaborates with third-party organizations and researchers to identify, investigate and mitigate emerging vulnerabilities before they impact end organizations, as was the case here."

"Organizations using SonicWall Global VPN client version or earlier should log in to with their approved credentials and upgrade to SonicWall Global VPN client version Alternatively, organizations can visit to upgrade to the latest SonicWall Global VPN client.”

A security warning has been issued to anyone using SonicWall’s Global VPN Client v4.10.4.0314 or any of the earlier versions.

SonicWall has disclosed that specific versions of its traditional VPN client, that allows secure access to your corporate network, have an insecure library loading vulnerability. Also known as DLL hijacking, if successfully exploited, the vulnerability could allow an attacker to execute arbitrary commands or code on the compromised systems.

Earlier this month, SonicWall’s SonicOS, which is the operating system that powers its range of network security devices, was also hit by a vulnerability that affected its VPN login page.

SonicWall VPN 

While the company investigates the latest vulnerability, if you use SonicWall Global VPN client (GVC), you should update your client. SonicWall recommends switching to v4.10.5.1021 or later to mitigate the threat. 

  • Protect yourself while on the go with these best VPN services around today
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.