PT-2021-12386 · Sonicwall · Sonicwall Netextender
Published
2021-01-09
·
Updated
2021-09-21
·
CVE-2020-5147
CVSS v3.1
5.3
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
SonicWall NetExtender Windows client versions 10.2.300 and earlier
Description
The SonicWall NetExtender Windows client is affected by an unquoted service path vulnerability. This issue allows a local attacker to gain elevated privileges in the host operating system.
Recommendations
For versions 10.2.300 and earlier, update to a version later than 10.2.300 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable service path to minimize the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sonicwall Netextender