Local Privilege Escalation Vulnerability in SonicWall NetExtender
CVE-2023-44218

8.8HIGH

Key Information:

Vendor: Sonicwall
Status: Netextender
Vendor: CVE Published:; 3 October 2023

Summary

A vulnerability in the SonicWall NetExtender Pre-Logon feature allows unauthorized users to gain access to the underlying Windows operating system with SYSTEM level privileges. This flaw can lead to local privilege escalation, potentially enabling malicious activities by unauthorized users. Organizations using affected versions of NetExtender should take prompt action to mitigate this risk as detailed in the vendor's advisory.

Affected Version(s)

NetExtender Windows 10.2.336 and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 3, 2023
Vulnerability Reserved
Sep 26, 2023