DLL Search Order Hijacking in SonicWall NetExtender for Windows
CVE-2023-44220

7.3HIGH

Key Information:

Vendor: Sonicwall
Status: Netextender
Vendor: CVE Published:; 27 October 2023

What is CVE-2023-44220?

SonicWall NetExtender for Windows versions 10.2.336 and earlier are susceptible to a DLL Search Order Hijacking vulnerability. This issue arises in the start-up DLL component, allowing local attackers to exploit the vulnerability to execute arbitrary commands on the affected system, potentially compromising system integrity and data security.

Affected Version(s)

NetExtender Windows 10.2.336 and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 27, 2023
Vulnerability Reserved
Sep 26, 2023

Sonicwall

What is CVE-2023-44220?

Affected Version(s)

References

CVSS V3.1

Timeline