First published: Fri Oct 27 2023
SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation by a local attacker could result in command execution on the target system.
Credit: PSIRT@sonicwall.com
Affected Software | Affected Version | How to fix |
---|---|---|
SonicWall NetExtender Windows | <=10.2.336 | |
The vulnerability ID of this SonicWall NetExtender Windows client vulnerability is CVE-2023-44220.
The severity of CVE-2023-44220 is high with a CVSS score of 7.3.
The software affected by CVE-2023-44220 is SonicWall NetExtender Windows client versions up to and including 10.2.336.
CVE-2023-44220 is a DLL Search Order Hijacking vulnerability in the start-up DLL component of SonicWall NetExtender Windows client versions up to and including 10.2.336, which could allow a local attacker to execute commands on the target system.
Yes, SonicWall has released a fix for CVE-2023-44220. It is recommended to update to the latest version of SonicWall NetExtender Windows client.