Local Privilege Escalation Vulnerability in SonicWall Net Extender for Windows
CVE-2023-44217

7.8HIGH

Key Information:

Vendor: Sonicwall
Status: Netextender
Vendor: CVE Published:; 3 October 2023

Summary

A vulnerability exists in SonicWall Net Extender MSI client for Windows that enables a local low-privileged user to escalate their privileges to system level. This is achieved by exploiting the repair functionality in affected versions, specifically versions 10.2.336 and earlier. As this vulnerability could allow unauthorized users to gain heightened access on the system, it's critical to address it promptly to protect sensitive information and system integrity.

Affected Version(s)

NetExtender Windows 10.2.336 and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 3, 2023
Vulnerability Reserved
Sep 26, 2023