CVE-2020-5147

5.3MEDIUM

Key Information

Vendor: Sonicwall
Status: Sonicwall Netextender
Vendor: CVE Published:; 9 January 2021

Summary

SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier.

Affected Version(s)

SonicWall NetExtender = 10.2.300 and earlier

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jan 9, 2021
Vulnerability Reserved.
Dec 31, 2019

Collectors

NVD DatabaseMitre Database