SonicWALL Global VPN Client < 220.127.116.110 Format String Vulnerabilities
High Nessus Plugin ID 38929
SynopsisThe remote Windows host contains a program that is affected by multiple format string vulnerabilities.
DescriptionThe version of the SonicWALL Global VPN Client software installed on the remote Windows host fails to sanitize the 'name' attribute of the 'Connection' tag and the content of the 'Hostname' tag in the configuration file of format strings. If an attacker can trick a user on the affected host into importing a specially crafted configuration file, the attacker could leverage this issue to execute arbitrary code on the affected host subject to the user's privileges.
SolutionUpgrade to SonicWALL VPN client 18.104.22.1680 as that reportedly resolves the issue.