CVE-2023-44218
First published: Tue Oct 03 2023(Updated: )
A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability.
Credit: PSIRT@sonicwall.com PSIRT@sonicwall.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SonicWall NetExtender Windows | <=10.2.336 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the SonicWall NetExtender Pre-Logon feature flaw?
The vulnerability ID for the SonicWall NetExtender Pre-Logon feature flaw is CVE-2023-44218.
What does the SonicWall NetExtender Pre-Logon feature flaw allow unauthorized users to do?
The SonicWall NetExtender Pre-Logon feature flaw allows unauthorized users to gain access to the host Windows operating system with 'SYSTEM' level privileges.
What is the impact of the SonicWall NetExtender Pre-Logon feature flaw?
The impact of the SonicWall NetExtender Pre-Logon feature flaw is a local privilege escalation (LPE) vulnerability.
Which version of SonicWall NetExtender is affected by the vulnerability?
The version of SonicWall NetExtender affected by the vulnerability is up to and including 10.2.336.
How severe is the SonicWall NetExtender Pre-Logon feature flaw?
The SonicWall NetExtender Pre-Logon feature flaw has a severity score of 7.8 (high).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-api
- collector/nvd-index
- vendor/sonicwall
- canonical/sonicwall netextender windows
- version/sonicwall netextender windows/10.2.336