Sonicwall Netextender vulnerabilities
13 known vulnerabilities affecting sonicwall/netextender.
Total CVEs
13
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH9MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2024-29014P3HIGHCVSS 8.8fixed in 10.2.341v10.2.339 and earlier versions2024-07-18
CVE-2024-29014 [HIGH] CWE-94 CVE-2024-29014: Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier ve
Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update.
nvd
CVE-2020-5147P4MEDIUMCVSS 5.3PoC≤ 10.2.3002021-01-09
CVE-2020-5147 [MEDIUM] CWE-428 CVE-2020-5147: SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows
SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier.
nvd
CVE-2020-5131P3HIGHCVSS 7.8≤ 9.0.8152020-07-17
CVE-2020-5131 [HIGH] CWE-20 CVE-2020-5131: SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows a
SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 9.0.815 and earlier.
nvd
CVE-2023-44218P3HIGHCVSS 7.8≤ 10.2.336v10.2.336 and earlier versions2023-10-03
CVE-2023-44218 [HIGH] CWE-267 CVE-2023-44218: A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain acce
A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability.
nvd
CVE-2022-22281P3HIGHCVSS 7.8≤ 10.2.3222022-05-13
CVE-2022-22281 [HIGH] CWE-121 CVE-2022-22281: A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit)
A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system.
nvd
CVE-2023-44217P3HIGHCVSS 7.8≤ 10.2.336v10.2.336 and earlier versions2023-10-03
CVE-2023-44217 [HIGH] CWE-269 CVE-2023-44217: A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.33
A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality.
nvd
CVE-2023-44220P4HIGHCVSS 7.3≤ 10.2.336v10.2.336 and earlier versions2023-10-27
CVE-2023-44220 [HIGH] CWE-427 CVE-2023-44220: SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Se
SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system.
nvd
CVE-2025-23009P4HIGHCVSS 7.2v10.3.1 and earlier versions2025-04-10
CVE-2025-23009 [HIGH] CWE-250 CVE-2025-23009: A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client w
A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion.
nvd
CVE-2025-23010P4HIGHCVSS 7.2v10.3.1 and earlier versions2025-04-10
CVE-2025-23010 [HIGH] CWE-59 CVE-2025-23010: An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExte
An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths.
nvd
CVE-2025-23008P4HIGHCVSS 7.2v10.3.1 and earlier versions2025-04-10
CVE-2025-23008 [HIGH] CWE-250 CVE-2025-23008: An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit)
An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations.
nvd
CVE-2015-4173P4MEDIUMCVSS 6.9fixed in 7.5.227≥ 8.0, < 8.0.2382015-08-26
CVE-2015-4173 [MEDIUM] CWE-428 CVE-2015-4173: Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before
Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.
nvd
CVE-2025-23007P4MEDIUMCVSS 5.5v10.3.02025-01-30
CVE-2025-23007 [MEDIUM] CWE-269 CVE-2025-23007: A vulnerability in the NetExtender Windows client log export function allows unauthorized access to
A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation.
nvd
CVE-2023-6340P4MEDIUMCVSS 5.5≤ 10.2.337v10.2.337 and earlier versions2024-01-18
CVE-2023-6340 [MEDIUM] CWE-121 CVE-2023-6340: SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions ar
SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.
nvd