CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23010
https://notcve.org/view.php?id=CVE-2025-23010
10 Apr 2025 — An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23009
https://notcve.org/view.php?id=CVE-2025-23009
10 Apr 2025 — A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23008
https://notcve.org/view.php?id=CVE-2025-23008
10 Apr 2025 — An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23007
https://notcve.org/view.php?id=CVE-2025-23007
30 Jan 2025 — A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0005 • CWE-269: Improper Privilege Management CWE-276: Incorrect Default Permissions •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29014
https://notcve.org/view.php?id=CVE-2024-29014
18 Jul 2024 — Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update. Una vulnerabilidad en el cliente SonicWall SMA100 NetExtender Windows (32 y 64 bits) 10.2.339 y versiones anteriores permite a un atacante ejecutar código arbitrario al procesar una actualización del cliente EPC. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0011 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-6340
https://notcve.org/view.php?id=CVE-2023-6340
17 Jan 2024 — SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability. SonicWall Capture Client versión 3.7.10, NetExtender client versión 10.2.337 y versiones anteriores se instalan con el controlador sfpmonitor.sys. Se ha descubierto que el controlador es vulnerable a la denegación de servicio (DoS) causada por una v... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0019 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44220
https://notcve.org/view.php?id=CVE-2023-44220
27 Oct 2023 — SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system. El cliente SonicWall NetExtender Windows (32 bits y 64 bits) 10.2.336 y versiones anteriores tienen una vulnerabilidad de Secuestro de Orden de Búsqueda de DLL en el componente DLL de inicio. La explotación exitosa a través de un atacante local ... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0017 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44218
https://notcve.org/view.php?id=CVE-2023-44218
03 Oct 2023 — A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability. Una falla dentro de la función SonicWall NetExtender Pre-Logon permite que un usuario no autorizado obtenga acceso al sistema operativo Windows host con privilegios de nivel 'SYSTEM', lo que genera una vulnerabilidad de escalada de privilegios local (LPE). • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0014 • CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44217
https://notcve.org/view.php?id=CVE-2023-44217
03 Oct 2023 — A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality. Una vulnerabilidad de escalada de privilegios local en el cliente MSI SonicWall Net Extender para Windows 10.2.336 y versiones anteriores permite a un usuario local con pocos privilegios obtener privilegios de System mediante la ejecución de la funcionalidad de reparación. • https://github.com/advisories/GHSA-jw5c-8746-98g5 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22281
https://notcve.org/view.php?id=CVE-2022-22281
13 May 2022 — A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system. Una vulnerabilidad de desbordamiento de búfer en el cliente Windows de SonicWall SSL-VPN NetExtender (32 y 64 bits) en versiones 10.2.322 y anteriores, permite a un atacante ejecutar potencialmente código arbitrario en el sistema operativo Windows del host • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0008 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •