Recent Updates

RSS Latest Security News

Follow Us

Contact Us (800) 514-4847

mobile-logo
 

SoincWALL VPN Security Notice

28 Apr

SoincWALL VPN Security Notice

by Corey DeGrandchamp
in Guides, Uncategorized
Comments

SonicWALL has confirmed that Global VPN Client (GVC) installer 4.10.7.1117 (32-bit and 64-bit) and earlier versions have three specific vulnerabilities in one of the installer components as outlined below:

 

  1. Global VPN Client DLL Search Order Hijacking via Application Installer (RunMSI.exe). This includes both the 32-Bit as well as 64-bit installers.
  2. Global VPN Client Installer being unable to remove RarSFX folder and its content after installation. Therefore, all organizations and/or users who have installed the latest GVC version have the problematic RarSFX folder and its vulnerable component (RunMSI.exe), which could lead to potential exploitation of the first vulnerability above. Only the last three 64-bit versions 4.10.7.1117, 4.10.6.0913 and 4.10.5.1224 are impacted.
  3. 32-Bit Global VPN Client DLL Highjacking over Microsoft Foundation Class DLLs. While first two vulnerabilities apply to the installer, this one is in the application itself. Only the 32-bit version of GVC is vulnerable.

 

There is no evidence that these vulnerabilities are being exploited in the wild. All three vulnerabilities can only be exploited after the adversary gains control of the machine, has admin privilege or is able to place malicious files on the machine. The vulnerabilities can’t be exploited on a clean system.

 

If a user does not have administrator privileges, there is no way to execute the vulnerable installers. Only when an administrator explicitly executes the installers, or the target system is already compromised by administrator privileges, potential DLL Hijacking could occur.

 

SonicWALL strongly urges that organizations using the Global VPN Client (GVC) in your network follow the guidance below.

 

If your organization needs any help ensuring this issue is taken care of properly, please submit a ticket at https://support.computingtech.net

 

Vulnerability Affected Version/Scope User Resolution
Global VPN Client DLL Search Order Hijacking via Application Installer (RunMSI.exe) Previous installers
  • Silent fix. No user action needed.
Problematic RarSFX folders left in host machine after installation Host machine which are running below 64-bit installers:

  • 4.10.7.1117
  • 4.10.6.0913
  • 4.10.5.1224
  

  • Download and run script from here: https://www.computingtech.net/programs/SonicWALL/installCleaner.bat
DLL Highjacking over Microsoft Foundation Class DLLs 32bit GVC (X86 GVC) only
  • Uninstall existing 32bit GVC
  • Install GVC 4.10.7.1424 32bit version (X86)
Corey DeGrandchamp

Owner / President of Computing Technologies, Inc.

No Comments

Sorry, the comment form is closed at this time.