Main Vulnerability Database SB2021010901

SB2021010901 - Privilege escalation in SonicWall NetExtender for Windows

Published: January 9, 2021

Security Bulletin ID SB2021010901

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Unquoted search path or element (CVE-ID: N/A)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the NetExtender VPN client for Windows allows usage of an unquoted search path when launching the VPN client. A local user can place a malicious library on the system and execute it with elevated privileges.

Successful vulnerability exploitation may allow an attacker to escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0023