Sonicwall: >> Directory Services Connector Security Vulnerabilities
A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature.
CVSS Score
7.8
EPSS Score
0.002
Published
2023-10-27
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall access controls.
CVSS Score
8.2
EPSS Score
0.008
Published
2021-03-05