Local Privilege Escalation Vulnerability in SonicWall NetExtender
CVE-2023-44218

8.8HIGH

Key Information:

Vendor: Sonicwall
Status: Netextender
Vendor: CVE Published:; 3 October 2023

What is CVE-2023-44218?

A vulnerability in the SonicWall NetExtender Pre-Logon feature allows unauthorized users to gain access to the underlying Windows operating system with SYSTEM level privileges. This flaw can lead to local privilege escalation, potentially enabling malicious activities by unauthorized users. Organizations using affected versions of NetExtender should take prompt action to mitigate this risk as detailed in the vendor's advisory.

Affected Version(s)

NetExtender Windows 10.2.336 and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2023
Vulnerability Reserved
Sep 26, 2023

Sonicwall

What is CVE-2023-44218?

Affected Version(s)

References

CVSS V3.1

Timeline