Main Vulnerability Database SB2023093012

SB2023093012 - Multiple vulnerabilities in SonicWall NetExtender for Windows

Published: September 30, 2023

Security Bulletin ID SB2023093012

Severity

High

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper Privilege Management (CVE-ID: CVE-2023-44217)

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management within the repair feature in SonicWall Net Extender MSI client. A local user can execute arbitrary code with elevated privileges.

2) Improper Authentication (CVE-ID: CVE-2023-44218)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in NetExtender Pre-Logon feature. A remote attacker on the local network can gain access to the host Windows operating system with SYSTEM level privileges.

Remediation

Install update from vendor's website.

SB2023093012 - Multiple vulnerabilities in SonicWall NetExtender for Windows

Breakdown by Severity

Description

Remediation

References

Please verify you're human