CVE-2023-44220
published 2023-10-27CVE-2023-44220: SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL…
PriorityP434high7.3CVSS 3.1
AVLACLPRLUIRSUCHIHAH
EPSS
0.29%
21.1th percentile
SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | netextender | <= 10.2.336 | — |
| sonicwall | netextender | — | — |
| sonicwall | netextender | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vpcf-pfmw-qpwh: SonicWall NetExtender Windows (32-bit and 64-bit) client 10
ghsa_unreviewed·2023-10-27
CVE-2023-44220 [HIGH] CWE-427 GHSA-vpcf-pfmw-qpwh: SonicWall NetExtender Windows (32-bit and 64-bit) client 10
SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system.
SonicWall
CVE-2023-44220: SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up
vendor_sonicwall·2023-10-27·CVSS 7.3
CVE-2023-44220 [HIGH] CWE-427 CVE-2023-44220: SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up
CVE-2023-44220: SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-10-27
Published