CVE-2020-5147

MEDIUM

SonicWall NetExtender <10.2.300 - Privilege Escalation

Title source: llm

Description

SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier.

Exploits (1)

exploitdb WRITEUP

by shinnai · textlocalwindows

https://www.exploit-db.com/exploits/50212

View Code ZIP pw:eip

References (2)

[Vendor Advisory] https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0023

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/163857/SonicWall-NetExtender-10.2.0.300-Unquoted-Service-Path.html

Scores

CVSS v3 5.3

EPSS 0.0031

EPSS Percentile 54.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-428

Status published

Products (1)

sonicwall/netextender < 10.2.300

Published Jan 09, 2021

Tracked Since Feb 18, 2026