PT-2015-6444 · Dell+1 · Sra+2
Published
2015-08-26
·
Updated
2020-08-05
·
CVE-2015-4173
CVSS v2.0
6.9
Medium
| Vector | AV:L/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Dell SonicWall NetExtender versions prior to 7.5.227
Dell SonicWall NetExtender versions 8.0.x prior to 8.0.238
SRA firmware versions prior to 7.5.1.2-40sv
SRA firmware versions 8.x prior to 8.0.0.3-23sv
Description
The issue allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder due to an unquoted Windows search path vulnerability in the autorun value.
Recommendations
For Dell SonicWall NetExtender versions prior to 7.5.227, update to version 7.5.227 or later.
For Dell SonicWall NetExtender versions 8.0.x prior to 8.0.238, update to version 8.0.238 or later.
For SRA firmware versions prior to 7.5.1.2-40sv, update to version 7.5.1.2-40sv or later.
For SRA firmware versions 8.x prior to 8.0.0.3-23sv, update to version 8.0.0.3-23sv or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dell Sonicwall Netextender
Sra
Windows