SonicWall VPN client hit with a RCE vulnerability

A security warning has been issued to anyone using SonicWall’s Global VPN Client v4.10.4.0314 or any of the earlier versions.

SonicWall has disclosed that specific versions of its traditional VPN client, that allows secure access to your corporate network, have an insecure library loading vulnerability. Also known as DLL hijacking, if successfully exploited, the vulnerability could allow an attacker to execute arbitrary commands or code on the compromised systems.

Earlier this month, SonicWall’s SonicOS, which is the operating system that powers its range of network security devices, was also hit by a vulnerability that affected its VPN login page.

• Protect your business with the best cloud firewalls
• These are the best ID theft protection services around
• And here are some of the best antivirus products

SonicWall VPN 

While the company investigates the latest vulnerability, if you use SonicWall Global VPN client (GVC), you should update your client. SonicWall recommends switching to v4.10.5.1021 or later to mitigate the threat. 

Surprisingly though at the time of filing, the Downloads page of the GVC still pointed users to the affected v4.9.22. 

More details are awaited as the company analyses the vulnerability - TechRadar Pro has contacted SonicWall for comment.

• Protect yourself while on the go with these best VPN services around today