Privilege Escalation Vulnerability in Dell SonicWall NetExtender
CVE-2015-4173

Currently unrated

Key Information:

Vendor: Sonicwall
Status: Netextender
Vendor: CVE Published:; 26 August 2015

What is CVE-2015-4173?

The unquoted Windows search path vulnerability in Dell SonicWall NetExtender allows local users to execute a Trojan horse program placed within the %SYSTEMDRIVE% folder, resulting in elevated privileges. This issue affects versions of NetExtender and the SRA firmware prior to specified updates, exposing users to potential unauthorized access to system capabilities without proper authentication.

References

http://packetstormsecurity.com/files/133302/Dell-SonicWal...

x_refsource_MISC

http://www.securityfocus.com/archive/1/536303/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securitytracker.com/id/1033417

vdb-entryx_refsource_SECTRACK

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 26, 2015
Vulnerability Reserved
Jun 3, 2015

Sonicwall

What is CVE-2015-4173?

References

Timeline