CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-6340
https://notcve.org/view.php?id=CVE-2023-6340
17 Jan 2024 — SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability. SonicWall Capture Client versión 3.7.10, NetExtender client versión 10.2.337 y versiones anteriores se instalan con el controlador sfpmonitor.sys. Se ha descubierto que el controlador es vulnerable a la denegación de servicio (DoS) causada por una v... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0019 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44220
https://notcve.org/view.php?id=CVE-2023-44220
27 Oct 2023 — SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system. El cliente SonicWall NetExtender Windows (32 bits y 64 bits) 10.2.336 y versiones anteriores tienen una vulnerabilidad de Secuestro de Orden de Búsqueda de DLL en el componente DLL de inicio. La explotación exitosa a través de un atacante local ... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0017 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44218
https://notcve.org/view.php?id=CVE-2023-44218
03 Oct 2023 — A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability. Una falla dentro de la función SonicWall NetExtender Pre-Logon permite que un usuario no autorizado obtenga acceso al sistema operativo Windows host con privilegios de nivel 'SYSTEM', lo que genera una vulnerabilidad de escalada de privilegios local (LPE). • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0014 • CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44217
https://notcve.org/view.php?id=CVE-2023-44217
03 Oct 2023 — A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality. Una vulnerabilidad de escalada de privilegios local en el cliente MSI SonicWall Net Extender para Windows 10.2.336 y versiones anteriores permite a un usuario local con pocos privilegios obtener privilegios de System mediante la ejecución de la funcionalidad de reparación. • https://github.com/advisories/GHSA-jw5c-8746-98g5 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22281
https://notcve.org/view.php?id=CVE-2022-22281
13 May 2022 — A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system. Una vulnerabilidad de desbordamiento de búfer en el cliente Windows de SonicWall SSL-VPN NetExtender (32 y 64 bits) en versiones 10.2.322 y anteriores, permite a un atacante ejecutar potencialmente código arbitrario en el sistema operativo Windows del host • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0008 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 3CVE-2020-5147 – SonicWall NetExtender 10.2.0.300 - Unquoted Service Path
https://notcve.org/view.php?id=CVE-2020-5147
09 Jan 2021 — SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier. El cliente SonicWall NetExtender Windows es susceptible a una vulnerabilidad ruta de servicio sin comillas, esto permite a un atacante local alcanzar privilegios elevados en el sistema operativo host. Esta vulnerabilidad afecta al cliente ... • https://packetstorm.news/files/id/163857 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5131
https://notcve.org/view.php?id=CVE-2020-5131
17 Jul 2020 — SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 9.0.815 and earlier. El cliente de SonicWall NetExtender Windows es susceptible a una vulnerabilidad de escritura arbitraria de archivos, esto permite al atacante sobrescribir una DLL y ejecutar código con el mismo privilegio en el sistema ope... • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0004 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-4173 – Dell SonicWall NetExtender 7.5.215 Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-4173
25 Aug 2015 — Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. Vulnerabilidad en búsqueda de directorio sin entrecomillar en Windows en el valor autorun en Dell SonicWall NetExtender en versiones anteriores a 7.5.227 y 8.0.x en versiones anteriores a 8.0.238, tal como ... • http://packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-Privilege-Escalation.html • CWE-428: Unquoted Search Path or Element •