CVE-2023-44217
HIGHSonicWall NetExtender < 10.2.336 - Local Privilege Escalation via MSI Repair Functionality
Title source: llmDescription
A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality.
References (2)
Core 2
Core References
Third Party Advisory
https://github.com/advisories/GHSA-jw5c-8746-98g5
Broken Link vendor-advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0013
Scores
CVSS v3
7.8
EPSS
0.0006
EPSS Percentile
19.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-269
Status
published
Products (1)
sonicwall/netextender
< 10.2.336
Published
Oct 03, 2023
Tracked Since
Feb 18, 2026