Vulnerability in Sonicwall Netextender

CVE-2023-44220

SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command exec…

EPSS: 0.000 (7.9th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Netextender — versions 10.2.336 and earlier versions

Weakness classification (CWE)

CWE-427 — Uncontrolled Search Path Element

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0017 (vendor-advisory)