What is CVE-2023-44217?

CVE-2023-44217 is a vulnerability in Sonicwall Netextender, classified under Improper Privilege Management. Published 2023-10-03.

Is CVE-2023-44217 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Privilege escalation in Sonicwall Netextender

CVE-2023-44217

A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality.

Vulnerability class: Privilege Escalation

EPSS: 0.001 (19.6th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Netextender — versions 10.2.336 and earlier versions

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0013 (vendor-advisory)

Frequently asked questions

What is CVE-2023-44217?: CVE-2023-44217 is a vulnerability in Sonicwall Netextender, classified under Improper Privilege Management. Published 2023-10-03.
Is CVE-2023-44217 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.