This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
The remote Windows host contains a program that is affected by multiple
format string vulnerabilities.
The version of the SonicWALL Global VPN Client software installed on
the remote Windows host fails to sanitize the 'name' attribute of the
'Connection' tag and the content of the 'Hostname' tag in the
configuration file of format strings. If an attacker can trick a user
on the affected host into importing a specially crafted configuration
file, the attacker could leverage this issue to execute arbitrary code
on the affected host subject to the user's privileges.
See also :
Upgrade to SonicWALL VPN client 126.96.36.1990 as that reportedly resolves
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true