CVE-2023-44218 - OpenCVE

A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Sonicwall	Netextender

Configuration 1 [-]

cpe:2.3:a:sonicwall:netextender:*:*:*:*:*:windows:*:*

References

Link	Resource
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0014	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: sonicwall

Published: 2023-10-03T08:00:04.401Z

Updated: 2023-10-03T08:00:04.401Z

Reserved: 2023-09-26T23:29:39.789Z

Link: CVE-2023-44218

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-03T08:15:36.067

Modified: 2023-10-04T17:49:26.270

Link: CVE-2023-44218

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sonicwall:netextender:*:*:*:*:*:windows:*:*", "matchCriteriaId": "F79C094F-9986-4B09-800D-2F1DBE23B8FD", "versionEndIncluding": "10.2.336", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nA flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability.\n\n"}, {"lang": "es", "value": "Una falla dentro de la funci\u00f3n SonicWall NetExtender Pre-Logon permite que un usuario no autorizado obtenga acceso al sistema operativo Windows host con privilegios de nivel 'SYSTEM', lo que genera una vulnerabilidad de escalada de privilegios local (LPE)."}], "id": "CVE-2023-44218", "lastModified": "2023-10-04T17:49:26.270", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "PSIRT@sonicwall.com", "type": "Secondary"}]}, "published": "2023-10-03T08:15:36.067", "references": [{"source": "PSIRT@sonicwall.com", "tags": ["Vendor Advisory"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0014"}], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-267"}], "source": "PSIRT@sonicwall.com", "type": "Secondary"}]}