CVE-2023-44218

Summary

A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability.

Affected Software

VendorProductVersion RangeStatus
SonicWallNetExtender10.2.336 and earlier versionsaffected

Weaknesses

  • CWE-267: CWE-267: Privilege Defined With Unsafe Actions

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References