CVE-2020-5147 – SonicWall NetExtender 10.2.0.300 - Unquoted Service Path
https://notcve.org/view.php?id=CVE-2020-5147
SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier. El cliente SonicWall NetExtender Windows es susceptible a una vulnerabilidad ruta de servicio sin comillas, esto permite a un atacante local alcanzar privilegios elevados en el sistema operativo host. Esta vulnerabilidad afecta al cliente SonicWall NetExtender Windows versiones 10.2.300 y anteriores SonicWall NetExtender version 10.2.0.300 suffers from an unquoted service path vulnerability. • https://www.exploit-db.com/exploits/50212 http://packetstormsecurity.com/files/163857/SonicWall-NetExtender-10.2.0.300-Unquoted-Service-Path.html https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0023 • CWE-428: Unquoted Search Path or Element •
CVE-2020-5131
https://notcve.org/view.php?id=CVE-2020-5131
SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 9.0.815 and earlier. El cliente de SonicWall NetExtender Windows es susceptible a una vulnerabilidad de escritura arbitraria de archivos, esto permite al atacante sobrescribir una DLL y ejecutar código con el mismo privilegio en el sistema operativo host. Esta vulnerabilidad impacta al cliente SonicWall NetExtender Windows versión 9.0.815 y anteriores • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0004 • CWE-20: Improper Input Validation •
CVE-2015-4173
https://notcve.org/view.php?id=CVE-2015-4173
Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. Vulnerabilidad en búsqueda de directorio sin entrecomillar en Windows en el valor autorun en Dell SonicWall NetExtender en versiones anteriores a 7.5.227 y 8.0.x en versiones anteriores a 8.0.238, tal como se utiliza en el firmware SRA en versiones anteriores a 7.5.1.2-40sv y 8.x en versiones anteriores a 8.0.0.3-23sv, permite a usuarios locales obtener privilegios a través de un Troyano en la carpeta %SYSTEMDRIVE%. • http://packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-Privilege-Escalation.html http://www.securityfocus.com/archive/1/536303/100/0/threaded http://www.securitytracker.com/id/1033417 https://support.software.dell.com/product-notification/157537 • CWE-428: Unquoted Search Path or Element •