CVE-2021-20037: 
SonicWall Global VPN Client vulnerability analysis and mitigation

SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) was found to contain an incorrect default file permission vulnerability identified as CVE-2021-20037. The vulnerability affects GVC 4.10.5 installer and earlier versions, potentially allowing privilege escalation and command execution in the host operating system (NVD Database, CVE Mitre).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. It is classified under CWE-276 (Incorrect Default Permissions). The vulnerability requires local access with low attack complexity and low privileges, but no user interaction is needed (NVD Database).

The vulnerability can lead to privilege escalation and potentially allows command execution in the host operating system. With a high severity rating, successful exploitation could result in complete compromise of system confidentiality, integrity, and availability (NVD Database).

SonicWall has released version 4.10.6.0913 to address this vulnerability. Users are advised to upgrade to this version or later to mitigate the risk (CERT-FR Advisory).