VYPR

Netextender

by SonicWall

CVEs (12)

  • CVE-2025-23010HigApr 10, 2025
    risk 0.47cvss 7.2epss 0.00

    An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths.

  • CVE-2025-23009HigApr 10, 2025
    risk 0.47cvss 7.2epss 0.00

    A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion.

  • CVE-2025-23007MedJan 30, 2025
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation.

  • CVE-2020-5147Jan 9, 2021
    risk 0.03cvss epss 0.02

    SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier.

  • CVE-2024-29014Jul 18, 2024
    risk 0.00cvss epss 0.02

    Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.

  • CVE-2023-6340Jan 17, 2024
    risk 0.00cvss epss 0.00

    SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.

  • CVE-2023-44220Oct 27, 2023
    risk 0.00cvss epss 0.00

    SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system.

  • CVE-2023-44218Oct 3, 2023
    risk 0.00cvss epss 0.00

    A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability.

  • CVE-2023-44217Oct 3, 2023
    risk 0.00cvss epss 0.00

    A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality.

  • CVE-2020-5131Jul 17, 2020
    risk 0.00cvss epss 0.01

    SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 9.0.815…

  • CVE-2015-4173Aug 26, 2015
    risk 0.00cvss epss 0.02

    Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in…

  • CVE-2007-5814Nov 5, 2007
    risk 0.00cvss epss 0.06

    Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5)…