PT-2023-5681 · Sonicwall · Sonicwall Net Extender Msi Client
Published: 2023-09-29 · Updated: 2024-09-20
CVE-2023-44217
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SonicWall Net Extender MSI client for Windows versions 10.2.336 and earlier
Description
A local privilege escalation issue in the SonicWall Net Extender MSI client allows a local low-privileged user to gain SYSTEM privileges by running its repair functionality. This is related to insecure privilege management. Exploitation of this issue may allow an attacker to elevate their privileges.
Recommendations
For versions 10.2.336 and earlier, as a temporary workaround, consider disabling the repair functionality until a patch is available. Restrict access to the affected MSI client to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
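To find hosts that fall in the affected range stated above (10.2.336 and earlier), the following PowerShell inventory check is an added example, not code from SonicWall or from this advisory. The `*NetExtender*` display-name pattern is an assumption about how the client registers itself, and only machine-wide uninstall entries are read.

```powershell
# Added example: flag NetExtender installs at or below the last affected version.
$LastAffected = [version]'10.2.336'   # from the advisory: "10.2.336 and earlier"
$NamePattern  = '*NetExtender*'       # assumption: DisplayName contains "NetExtender"

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-NetExtenderInstall {
    foreach ($root in $UninstallRoots) {
        Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like $NamePattern } |
            ForEach-Object {
                $parsed = $null
                $status = 'UnknownVersion'
                if ([version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)) {
                    # Compare on Major.Minor.Build only, so "10.2.336.0" is not
                    # treated as newer than "10.2.336" (missing parts are -1).
                    $norm = [version]::new($parsed.Major, $parsed.Minor,
                                           [Math]::Max($parsed.Build, 0))
                    $status = 'NotInRange'
                    if ($norm -le $LastAffected) { $status = 'Affected' }
                }
                [pscustomobject]@{
                    DisplayName  = $_.DisplayName
                    Version      = $_.DisplayVersion
                    MsiInstalled = ($_.WindowsInstaller -eq 1)  # set for MSI-based installs
                    Status       = $status
                    RegistryKey  = $_.PSChildName
                }
            }
    }
}

$found = @(Get-NetExtenderInstall)
if ($found.Count -eq 0) { Write-Output 'No NetExtender uninstall entry found.' }
else { $found | Format-Table -AutoSize }
```

Entries reported as `Affected` with `MsiInstalled` set to `True` are the ones the workaround in this section applies to; `UnknownVersion` entries need a manual check.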
Fix
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
Sonicwall Net Extender Msi Client