Local Privilege Escalation Vulnerability in SonicWall Net Extender for Windows
CVE-2023-44217

7.8HIGH

Key Information:

Vendor: Sonicwall
Status: Netextender
Vendor: CVE Published:; 3 October 2023

What is CVE-2023-44217?

A vulnerability exists in SonicWall Net Extender MSI client for Windows that enables a local low-privileged user to escalate their privileges to system level. This is achieved by exploiting the repair functionality in affected versions, specifically versions 10.2.336 and earlier. As this vulnerability could allow unauthorized users to gain heightened access on the system, it's critical to address it promptly to protect sensitive information and system integrity.

Affected Version(s)

NetExtender Windows 10.2.336 and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2023
Vulnerability Reserved
Sep 26, 2023

Sonicwall

What is CVE-2023-44217?

Affected Version(s)

References

CVSS V3.1

Timeline