CVE-2020-5147
published 2021-01-09CVE-2020-5147: SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host…
PriorityP431medium5.3CVSS 3.1
AVLACLPRLUINSUCLILAL
EXPLOIT
EPSS
1.66%
73.7th percentile
SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | netextender | <= 10.2.300 | — |
| sonicwall | netextender | — | — |
| sonicwall | sonicwall_netextender | — | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hqm7-vfw5-95rq: SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in th
ghsa_unreviewed·2022-05-24
CVE-2020-5147 [MEDIUM] CWE-428 GHSA-hqm7-vfw5-95rq: SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in th
SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier.
SonicWall
CVE-2020-5147: SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in th
vendor_sonicwall·2021-01-09·CVSS 5.3
CVE-2020-5147 [MEDIUM] CWE-428 CVE-2020-5147: SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in th
CVE-2020-5147: SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/163857/SonicWall-NetExtender-10.2.0.300-Unquoted-Service-Path.htmlhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0023http://packetstormsecurity.com/files/163857/SonicWall-NetExtender-10.2.0.300-Unquoted-Service-Path.htmlhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0023
2021-01-09
Published