Lucene search

[email protected]CVE-2015-4173

HistoryAug 26, 2015 - 7:59 p.m.

CVE-2015-4173

2015-08-2619:59:06

CWE-428

[email protected]

web.nvd.nist.gov

cve-2015-4173

unquoted windows search path vulnerability

dell sonicwall netextender

local privilege escalation

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

8.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.

Affected configurations

NVD

Node

sonicwallnetextenderRange<7.5.227windows

sonicwallnetextenderRange8.0–8.0.238windows

CPENameOperatorVersion
sonicwall:netextendersonicwall netextenderlt7.5.227
sonicwall:netextendersonicwall netextenderlt8.0.238

CPE	Name	Operator	Version
sonicwall:netextender	sonicwall netextender	lt	7.5.227
sonicwall:netextender	sonicwall netextender	lt	8.0.238

References

packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-Privilege-Escalation.html

www.securityfocus.com/archive/1/536303/100/0/threaded

www.securitytracker.com/id/1033417

support.software.dell.com/product-notification/157537

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

8.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2015-4173

openvas2 securityvulns1 prion1 cvelist1 nvd1