SonicWall Netextender

Do you want an email whenever new security vulnerabilities are reported in SonicWall Netextender?

By the Year

In 2024 there have been 1 vulnerability in SonicWall Netextender with an average score of 5.5 out of ten. Last year Netextender had 3 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. Last year, the average CVE base score was greater by 2.13

Year	Vulnerabilities	Average Score
2024	1	5.50
2023	3	7.63
2022	1	7.80
2021	1	5.30
2020	0	0.00
2019	0	0.00
2018	0	0.00

It may take a day or so for new Netextender vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent SonicWall Netextender Security Vulnerabilities

SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver

CVE-2023-6340 5.5 - Medium - January 18, 2024

SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.

Memory Corruption

SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component

CVE-2023-44220 7.3 - High - October 27, 2023

SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system.

DLL preloading

A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges

CVE-2023-44218 7.8 - High - October 03, 2023

A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability.

A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions

CVE-2023-44217 7.8 - High - October 03, 2023

A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality.

A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions

CVE-2022-22281 7.8 - High - May 13, 2022

A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system.

Classic Buffer Overflow

SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this

CVE-2020-5147 5.3 - Medium - January 09, 2021

SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier.

Unquoted Search Path or Element

Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv

CVE-2015-4173 - August 26, 2015

Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.

Unquoted Search Path or Element

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for SonicWall Netextender or by SonicWall? Click the Watch button to subscribe.

SonicWall
Vendor

SonicWall Netextender
Product

SonicWall Netextender

By the Year

Recent SonicWall Netextender Security Vulnerabilities

SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver CVE-2023-6340 5.5 - Medium - January 18, 2024

SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component CVE-2023-44220 7.3 - High - October 27, 2023

A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges CVE-2023-44218 7.8 - High - October 03, 2023

A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions CVE-2023-44217 7.8 - High - October 03, 2023

A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions CVE-2022-22281 7.8 - High - May 13, 2022

SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this CVE-2020-5147 5.3 - Medium - January 09, 2021

Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv CVE-2015-4173 - August 26, 2015