Sonicwall: >> Netextender >> 10.2.336 Security Vulnerabilities
Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-07-18
SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-01-18
SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system.
CVSS Score
7.3
EPSS Score
0.0
Published
2023-10-27
A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-10-03
A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-03