9 matches found
CVE-2020-5147
CVE-2020-5147 affects SonicWall NetExtender Windows client (version 10.2.300 and earlier). The root cause is an unquoted service path, enabling a local attacker to gain elevated privileges on the host. The CVE description in multiple sources confirms the vulnerable component as the NetExtender Wi...
CVE-2022-22281
CVE-2022-22281 affects SonicWall SSL-VPN NetExtender Windows Client (32/64‑bit) up to version 10.2.322. The root cause is a boundary/stack‑based buffer overflow in NetExtender, allowing a local attacker to potentially execute arbitrary code on the Windows host. Impact is high (local, code executi...
CVE-2023-44218
SonicWall NetExtender Pre-Logon vulnerability (CVE-2023-44218) affects the Windows NetExtender Pre-Logon feature, enabling local privilege escalation to SYSTEM. The root cause is described as insecure privilege management. Impact is unauthorized host access with SYSTEM privileges; no exploit deta...
CVE-2024-29014
SonicWall SMA100 NetExtender Windows client (32/64-bit) versions 10.2.339 and earlier are affected by CVE-2024-29014 due to incorrect handling of EPC Client updates in the Enable Client Autoupdate service, enabling arbitrary code execution. Impact is remote code execution with high privileges on ...
CVE-2023-44220
CVE-2023-44220 affects SonicWall NetExtender Windows client (32-bit and 64-bit) versions 10.2.336 and earlier. The root cause is a DLL Search Order Hijacking vulnerability in the startup DLL component, which could allow a local attacker to execute commands on the target system. Exploitation is de...
CVE-2023-44217
SonicWall Net Extender MSI client for Windows is affected (versions 10.2.336 and earlier). The issue is a local privilege escalation where a low-privileged user can gain SYSTEM by abusing the REPAIR function, related to insecure privilege management. Public details indicate the vulnerability aris...
CVE-2023-6340
SonicWall reports that Capture Client 3.7.10 and NetExtender Windows client 10.2.337 and earlier install with the sfpmonitor.sys driver. The driver has a stack-based buffer overflow that can be triggered by crafted queries, leading to Denial of Service and potentially kernel memory overwrite with...
CVE-2015-4173
Dell SonicWall NetExtender is affected by CVE-2015-4173, a local privilege-escalation due to an unquoted Windows search path in the autorun value. Affected as: NetExtender before 7.5.227 and 8.0.x before 8.0.238, used with SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv. Root cause: ...
CVE-2020-5131
CVE-2020-5131 affects SonicWall NetExtender Windows client up to version 9.0.815. The vulnerability is an arbitrary file write that enables overwriting a DLL, allowing code execution with the same privileges on the host OS. The CVE is described in multiple sources (e.g., Red Hat advisory and CNVD...