SonicWall NetExtender LPE via Pre-Logon on Windows
CVE-2023-44218 Published on October 3, 2023
A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability.
Vulnerability Analysis
Weakness Type
Privilege Defined With Unsafe Actions
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
Products Associated with CVE-2023-44218
Want to know whenever a new CVE is published for SonicWall Netextender? stack.watch will email you.
Affected Versions
SonicWall NetExtender:- Version 10.2.336 and earlier versions is affected.
- Before and including 10.2.336 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.