Local Privilege Escalation Vulnerability in SonicWall Directory Services Connector
CVE-2023-44219

7.8HIGH

Key Information:

Vendor: Sonicwall
Status: Directory Services Connector
Vendor: CVE Published:; 27 October 2023

Summary

A local privilege escalation vulnerability exists in SonicWall Directory Services Connector Windows MSI client versions 4.1.21 and earlier. This flaw allows a low-privileged local user to execute the recovery feature, potentially granting them escalated system privileges. Mitigating this vulnerability is crucial to maintain the integrity and security of affected systems. Users are encouraged to review their installations and update to secure versions.

Affected Version(s)

Directory Services Connector Windows 4.1.21 and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 27, 2023
Vulnerability Reserved
Sep 26, 2023