UPDATE: A SonicWall spokesperson told us, “SonicWall takes every disclosure or discovery seriously to help maintain the highest standards for product and technology integrity. As part of that commitment, SonicWall openly collaborates with third-party organizations and researchers to identify, investigate and mitigate emerging vulnerabilities before they impact end organizations, as was the case here."
"Organizations using SonicWall Global VPN client version 4.10.4.0314 or earlier should log in to MySonicWall.com with their approved credentials and upgrade to SonicWall Global VPN client version 18.104.22.1681. Alternatively, organizations can visit https://www.sonicwall.com/products/remote-access/vpn-clients/ (opens in new tab) to upgrade to the latest SonicWall Global VPN client.”
A security warning has been issued to anyone using SonicWall’s Global VPN Client v4.10.4.0314 or any of the earlier versions.
SonicWall has disclosed that specific versions of its traditional VPN client, that allows secure access to your corporate network, have an insecure library loading vulnerability. Also known as DLL hijacking, if successfully exploited, the vulnerability could allow an attacker to execute arbitrary commands or code on the compromised systems.
Earlier this month, SonicWall’s SonicOS, which is the operating system that powers its range of network security devices, was also hit by a vulnerability that affected its VPN login page.
- Protect your business with the best cloud firewalls (opens in new tab)
- These are the best ID theft protection services (opens in new tab) around
- And here are some of the best antivirus (opens in new tab) products
While the company investigates the latest vulnerability, if you use SonicWall Global VPN client (GVC), you should update your client. SonicWall recommends switching to v22.214.171.1241 or later to mitigate the threat.
- Protect yourself while on the go with these best VPN (opens in new tab) services around today