cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score CVE-2024-29014,https://securityvulnerability.io/vulnerability/CVE-2024-29014,Attackers Can Execute Arbitrary Code via SonicWall NetExtender Client Update,"The SonicWall NetExtender client update vulnerability (CVE-2024-29014) allows attackers to execute arbitrary code, while the Palo Alto Networks GlobalProtect App vulnerability (CVE-2024-5921) allows for remote code execution and privilege escalation. These vulnerabilities can be exploited to achieve remote code execution. Both vendors have released patches to address these vulnerabilities. While the exploits have not been exploited by ransomware groups, the potential impact of the vulnerabilities is significant, as attackers could install malicious software and compromise systems. The release of NachoVPN, an open-source tool that simulates rogue VPN servers capable of exploiting these and other vulnerabilities, highlights the urgency of addressing these vulnerabilities.",Sonicwall,Netextender,8.8,HIGH,0.0004900000058114529,false,true,false,false,,false,false,2024-07-18T07:37:12.258Z,0 CVE-2023-6340,https://securityvulnerability.io/vulnerability/CVE-2023-6340,,"SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.",Sonicwall,"Capture Client,Netextender",5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-01-18T00:15:00.000Z,0 CVE-2023-44220,https://securityvulnerability.io/vulnerability/CVE-2023-44220,,SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system.,Sonicwall,Netextender,7.3,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-10-27T08:15:00.000Z,0 CVE-2023-44217,https://securityvulnerability.io/vulnerability/CVE-2023-44217,," A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality. ",Sonicwall,Netextender,7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-10-03T08:15:00.000Z,0 CVE-2023-44218,https://securityvulnerability.io/vulnerability/CVE-2023-44218,," A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability. ",Sonicwall,Netextender,8.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-10-03T08:15:00.000Z,0 CVE-2022-22281,https://securityvulnerability.io/vulnerability/CVE-2022-22281,,"A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system.",Sonicwall,Sonicwall Netextender Windows (32 And 64 Bit) Client,7.8,HIGH,0.0006000000284984708,false,false,false,false,,false,false,2022-05-13T19:40:17.000Z,0 CVE-2020-5147,https://securityvulnerability.io/vulnerability/CVE-2020-5147,,"SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier.",Sonicwall,Sonicwall Netextender,5.3,MEDIUM,0.0005799999926239252,false,false,false,false,,false,false,2021-01-09T00:15:15.000Z,0 CVE-2020-5131,https://securityvulnerability.io/vulnerability/CVE-2020-5131,,"SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 9.0.815 and earlier.",Sonicwall,Sonicwall Netextender,7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2020-07-17T17:15:15.000Z,0 CVE-2015-4173,https://securityvulnerability.io/vulnerability/CVE-2015-4173,,"Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.",Sonicwall,Netextender,,,0.0004400000034365803,false,false,false,false,,false,false,2015-08-26T19:00:00.000Z,0