Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for global_vpn_client by sonicwall

    CVE-2021-20051 (GCVE-0-2021-20051)

    Vulnerability from nvd – Published: 2022-05-04 15:20 – Updated: 2024-08-03 17:30
    VLAI
    Summary
    SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    SonicWall SonicWall Global VPN Client Affected: Global VPN Client 4.10.7.1117 and earlier versions
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:30:07.581Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0036"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SonicWall Global VPN Client",
              "vendor": "SonicWall",
              "versions": [
                {
                  "status": "affected",
                  "version": "Global VPN Client 4.10.7.1117 and earlier versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-04T15:20:09.000Z",
            "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
            "shortName": "sonicwall"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0036"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT@sonicwall.com",
              "ID": "CVE-2021-20051",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SonicWall Global VPN Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Global VPN Client 4.10.7.1117 and earlier versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SonicWall"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427: Uncontrolled Search Path Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0036",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0036"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "assignerShortName": "sonicwall",
        "cveId": "CVE-2021-20051",
        "datePublished": "2022-05-04T15:20:09.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:30:07.581Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20047 (GCVE-0-2021-20047)

    Vulnerability from nvd – Published: 2021-12-08 09:55 – Updated: 2024-08-03 17:30
    VLAI
    Summary
    SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    SonicWall SonicWall Global VPN Client Affected: Global VPN Client 4.10.6 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:30:07.429Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0025"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SonicWall Global VPN Client",
              "vendor": "SonicWall",
              "versions": [
                {
                  "status": "affected",
                  "version": "Global VPN Client 4.10.6 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-08T09:55:31.000Z",
            "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
            "shortName": "sonicwall"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0025"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT@sonicwall.com",
              "ID": "CVE-2021-20047",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SonicWall Global VPN Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Global VPN Client 4.10.6 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SonicWall"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427: Uncontrolled Search Path Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0025",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0025"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "assignerShortName": "sonicwall",
        "cveId": "CVE-2021-20047",
        "datePublished": "2021-12-08T09:55:31.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:30:07.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20037 (GCVE-0-2021-20037)

    Vulnerability from nvd – Published: 2021-09-21 08:50 – Updated: 2024-08-03 17:30
    VLAI
    Summary
    SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier.
    Severity
    No CVSS data available.
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    SonicWall SonicWall Global VPN Client Affected: Global VPN Client 4.10.5 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:30:07.615Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0024"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SonicWall Global VPN Client",
              "vendor": "SonicWall",
              "versions": [
                {
                  "status": "affected",
                  "version": "Global VPN Client 4.10.5 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276: Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-21T08:50:11.000Z",
            "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
            "shortName": "sonicwall"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0024"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT@sonicwall.com",
              "ID": "CVE-2021-20037",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SonicWall Global VPN Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Global VPN Client 4.10.5 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SonicWall"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-276: Incorrect Default Permissions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0024",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0024"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "assignerShortName": "sonicwall",
        "cveId": "CVE-2021-20037",
        "datePublished": "2021-09-21T08:50:11.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:30:07.615Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5145 (GCVE-0-2020-5145)

    Vulnerability from nvd – Published: 2020-10-28 10:40 – Updated: 2024-08-04 08:22
    VLAI
    Summary
    SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    SonicWall SonicWall Global VPN Client Affected: 4.10.4.0314 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:22:09.084Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0021"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SonicWall Global VPN Client",
              "vendor": "SonicWall",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.10.4.0314 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-28T10:40:15.000Z",
            "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
            "shortName": "sonicwall"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0021"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT@sonicwall.com",
              "ID": "CVE-2020-5145",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SonicWall Global VPN Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.10.4.0314 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SonicWall"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427: Uncontrolled Search Path Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0021",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0021"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "assignerShortName": "sonicwall",
        "cveId": "CVE-2020-5145",
        "datePublished": "2020-10-28T10:40:15.000Z",
        "dateReserved": "2019-12-31T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:22:09.084Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5144 (GCVE-0-2020-5144)

    Vulnerability from nvd – Published: 2020-10-28 10:40 – Updated: 2024-08-04 08:22
    VLAI
    Summary
    SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    SonicWall SonicWall Global VPN Client Affected: 4.10.4.0314 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:22:08.672Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SonicWall Global VPN Client",
              "vendor": "SonicWall",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.10.4.0314 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426: Untrusted Search Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-28T10:40:15.000Z",
            "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
            "shortName": "sonicwall"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT@sonicwall.com",
              "ID": "CVE-2020-5144",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SonicWall Global VPN Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.10.4.0314 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SonicWall"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-426: Untrusted Search Path"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "assignerShortName": "sonicwall",
        "cveId": "CVE-2020-5144",
        "datePublished": "2020-10-28T10:40:15.000Z",
        "dateReserved": "2019-12-31T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:22:08.672Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-6273 (GCVE-0-2007-6273)

    Vulnerability from nvd – Published: 2007-12-07 11:00 – Updated: 2024-08-07 16:02
    VLAI
    Summary
    Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.sec-consult.com/305.html x_refsource_MISC
    http://marc.info/?l=bugtraq&m=119678272603064&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/26689 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id?1019038 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2007/4094 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/27917 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-12-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:02:36.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sec-consult.com/305.html"
              },
              {
                "name": "20071204 SEC Consult SA-20071204-0 :: SonicWALL Global VPN Client Format",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=119678272603064\u0026w=2"
              },
              {
                "name": "26689",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26689"
              },
              {
                "name": "1019038",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019038"
              },
              {
                "name": "ADV-2007-4094",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/4094"
              },
              {
                "name": "27917",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27917"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-12-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag.  NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-12-12T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sec-consult.com/305.html"
            },
            {
              "name": "20071204 SEC Consult SA-20071204-0 :: SonicWALL Global VPN Client Format",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=119678272603064\u0026w=2"
            },
            {
              "name": "26689",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26689"
            },
            {
              "name": "1019038",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019038"
            },
            {
              "name": "ADV-2007-4094",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/4094"
            },
            {
              "name": "27917",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27917"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-6273",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag.  NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.sec-consult.com/305.html",
                  "refsource": "MISC",
                  "url": "http://www.sec-consult.com/305.html"
                },
                {
                  "name": "20071204 SEC Consult SA-20071204-0 :: SonicWALL Global VPN Client Format",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=119678272603064\u0026w=2"
                },
                {
                  "name": "26689",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26689"
                },
                {
                  "name": "1019038",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019038"
                },
                {
                  "name": "ADV-2007-4094",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/4094"
                },
                {
                  "name": "27917",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27917"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-6273",
        "datePublished": "2007-12-07T11:00:00.000Z",
        "dateReserved": "2007-12-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:02:36.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20051 (GCVE-0-2021-20051)

    Vulnerability from cvelistv5 – Published: 2022-05-04 15:20 – Updated: 2024-08-03 17:30
    VLAI
    Summary
    SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    SonicWall SonicWall Global VPN Client Affected: Global VPN Client 4.10.7.1117 and earlier versions
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:30:07.581Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0036"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SonicWall Global VPN Client",
              "vendor": "SonicWall",
              "versions": [
                {
                  "status": "affected",
                  "version": "Global VPN Client 4.10.7.1117 and earlier versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-04T15:20:09.000Z",
            "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
            "shortName": "sonicwall"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0036"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT@sonicwall.com",
              "ID": "CVE-2021-20051",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SonicWall Global VPN Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Global VPN Client 4.10.7.1117 and earlier versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SonicWall"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427: Uncontrolled Search Path Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0036",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0036"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "assignerShortName": "sonicwall",
        "cveId": "CVE-2021-20051",
        "datePublished": "2022-05-04T15:20:09.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:30:07.581Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20047 (GCVE-0-2021-20047)

    Vulnerability from cvelistv5 – Published: 2021-12-08 09:55 – Updated: 2024-08-03 17:30
    VLAI
    Summary
    SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    SonicWall SonicWall Global VPN Client Affected: Global VPN Client 4.10.6 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:30:07.429Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0025"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SonicWall Global VPN Client",
              "vendor": "SonicWall",
              "versions": [
                {
                  "status": "affected",
                  "version": "Global VPN Client 4.10.6 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-08T09:55:31.000Z",
            "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
            "shortName": "sonicwall"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0025"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT@sonicwall.com",
              "ID": "CVE-2021-20047",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SonicWall Global VPN Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Global VPN Client 4.10.6 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SonicWall"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427: Uncontrolled Search Path Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0025",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0025"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "assignerShortName": "sonicwall",
        "cveId": "CVE-2021-20047",
        "datePublished": "2021-12-08T09:55:31.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:30:07.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20037 (GCVE-0-2021-20037)

    Vulnerability from cvelistv5 – Published: 2021-09-21 08:50 – Updated: 2024-08-03 17:30
    VLAI
    Summary
    SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier.
    Severity
    No CVSS data available.
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    SonicWall SonicWall Global VPN Client Affected: Global VPN Client 4.10.5 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:30:07.615Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0024"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SonicWall Global VPN Client",
              "vendor": "SonicWall",
              "versions": [
                {
                  "status": "affected",
                  "version": "Global VPN Client 4.10.5 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276: Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-21T08:50:11.000Z",
            "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
            "shortName": "sonicwall"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0024"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT@sonicwall.com",
              "ID": "CVE-2021-20037",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SonicWall Global VPN Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Global VPN Client 4.10.5 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SonicWall"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-276: Incorrect Default Permissions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0024",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0024"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "assignerShortName": "sonicwall",
        "cveId": "CVE-2021-20037",
        "datePublished": "2021-09-21T08:50:11.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:30:07.615Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5145 (GCVE-0-2020-5145)

    Vulnerability from cvelistv5 – Published: 2020-10-28 10:40 – Updated: 2024-08-04 08:22
    VLAI
    Summary
    SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    SonicWall SonicWall Global VPN Client Affected: 4.10.4.0314 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:22:09.084Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0021"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SonicWall Global VPN Client",
              "vendor": "SonicWall",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.10.4.0314 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-28T10:40:15.000Z",
            "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
            "shortName": "sonicwall"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0021"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT@sonicwall.com",
              "ID": "CVE-2020-5145",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SonicWall Global VPN Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.10.4.0314 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SonicWall"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-427: Uncontrolled Search Path Element"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0021",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0021"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "assignerShortName": "sonicwall",
        "cveId": "CVE-2020-5145",
        "datePublished": "2020-10-28T10:40:15.000Z",
        "dateReserved": "2019-12-31T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:22:09.084Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5144 (GCVE-0-2020-5144)

    Vulnerability from cvelistv5 – Published: 2020-10-28 10:40 – Updated: 2024-08-04 08:22
    VLAI
    Summary
    SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    SonicWall SonicWall Global VPN Client Affected: 4.10.4.0314 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:22:08.672Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SonicWall Global VPN Client",
              "vendor": "SonicWall",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.10.4.0314 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426: Untrusted Search Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-28T10:40:15.000Z",
            "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
            "shortName": "sonicwall"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT@sonicwall.com",
              "ID": "CVE-2020-5144",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SonicWall Global VPN Client",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.10.4.0314 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SonicWall"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-426: Untrusted Search Path"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0020"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "assignerShortName": "sonicwall",
        "cveId": "CVE-2020-5144",
        "datePublished": "2020-10-28T10:40:15.000Z",
        "dateReserved": "2019-12-31T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:22:08.672Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-6273 (GCVE-0-2007-6273)

    Vulnerability from cvelistv5 – Published: 2007-12-07 11:00 – Updated: 2024-08-07 16:02
    VLAI
    Summary
    Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.sec-consult.com/305.html x_refsource_MISC
    http://marc.info/?l=bugtraq&m=119678272603064&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/26689 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id?1019038 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2007/4094 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/27917 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-12-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:02:36.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.sec-consult.com/305.html"
              },
              {
                "name": "20071204 SEC Consult SA-20071204-0 :: SonicWALL Global VPN Client Format",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=119678272603064\u0026w=2"
              },
              {
                "name": "26689",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26689"
              },
              {
                "name": "1019038",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019038"
              },
              {
                "name": "ADV-2007-4094",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/4094"
              },
              {
                "name": "27917",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27917"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-12-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag.  NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-12-12T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.sec-consult.com/305.html"
            },
            {
              "name": "20071204 SEC Consult SA-20071204-0 :: SonicWALL Global VPN Client Format",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=119678272603064\u0026w=2"
            },
            {
              "name": "26689",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26689"
            },
            {
              "name": "1019038",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019038"
            },
            {
              "name": "ADV-2007-4094",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/4094"
            },
            {
              "name": "27917",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27917"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-6273",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag.  NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.sec-consult.com/305.html",
                  "refsource": "MISC",
                  "url": "http://www.sec-consult.com/305.html"
                },
                {
                  "name": "20071204 SEC Consult SA-20071204-0 :: SonicWALL Global VPN Client Format",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=119678272603064\u0026w=2"
                },
                {
                  "name": "26689",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26689"
                },
                {
                  "name": "1019038",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019038"
                },
                {
                  "name": "ADV-2007-4094",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/4094"
                },
                {
                  "name": "27917",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27917"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-6273",
        "datePublished": "2007-12-07T11:00:00.000Z",
        "dateReserved": "2007-12-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:02:36.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }