cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-23007,https://securityvulnerability.io/vulnerability/CVE-2025-23007,Unauthorized Access Vulnerability in NetExtender Windows Client by SonicWall,"A vulnerability in the log export function of SonicWall's NetExtender Windows client permits unauthorized access to sensitive system files on Windows systems. This security flaw could lead to privilege escalation, allowing attackers to manipulate system configurations or access confidential data without proper authorization. Users of the affected versions should apply available security updates to mitigate potential risks.",Sonicwall,Netextender,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-30T09:44:17.800Z,0
CVE-2024-29014,https://securityvulnerability.io/vulnerability/CVE-2024-29014,Attackers Can Execute Arbitrary Code via SonicWall NetExtender Client Update,"The SonicWall NetExtender client update vulnerability (CVE-2024-29014) allows attackers to execute arbitrary code, while the Palo Alto Networks GlobalProtect App vulnerability (CVE-2024-5921) allows for remote code execution and privilege escalation. These vulnerabilities can be exploited to achieve remote code execution. Both vendors have released patches to address these vulnerabilities. While the exploits have not been exploited by ransomware groups, the potential impact of the vulnerabilities is significant, as attackers could install malicious software and compromise systems. The release of NachoVPN, an open-source tool that simulates rogue VPN servers capable of exploiting these and other vulnerabilities, highlights the urgency of addressing these vulnerabilities.",Sonicwall,Netextender,8.8,HIGH,0.0004900000058114529,false,,true,false,false,,,false,false,,2024-07-18T07:37:12.258Z,0
CVE-2023-6340,https://securityvulnerability.io/vulnerability/CVE-2023-6340,Stack-Based Buffer Overflow in SonicWall Capture Client and NetExtender Client,"The sfpmonitor.sys driver in SonicWall's Capture Client and NetExtender client is susceptible to a stack-based buffer overflow. This vulnerability can be exploited to trigger denial-of-service conditions, impacting system availability. Users are encouraged to update their software to mitigate potential risks associated with this vulnerability.",Sonicwall,"Capture Client,Netextender",5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-01-18T00:15:00.000Z,0
CVE-2023-44220,https://securityvulnerability.io/vulnerability/CVE-2023-44220,DLL Search Order Hijacking in SonicWall NetExtender for Windows,"SonicWall NetExtender for Windows versions 10.2.336 and earlier are susceptible to a DLL Search Order Hijacking vulnerability. This issue arises in the start-up DLL component, allowing local attackers to exploit the vulnerability to execute arbitrary commands on the affected system, potentially compromising system integrity and data security.",Sonicwall,Netextender,7.3,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-27T08:15:00.000Z,0
CVE-2023-44217,https://securityvulnerability.io/vulnerability/CVE-2023-44217,Local Privilege Escalation Vulnerability in SonicWall Net Extender for Windows,"A vulnerability exists in SonicWall Net Extender MSI client for Windows that enables a local low-privileged user to escalate their privileges to system level. This is achieved by exploiting the repair functionality in affected versions, specifically versions 10.2.336 and earlier. As this vulnerability could allow unauthorized users to gain heightened access on the system, it's critical to address it promptly to protect sensitive information and system integrity.",Sonicwall,Netextender,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-03T08:15:00.000Z,0
CVE-2023-44218,https://securityvulnerability.io/vulnerability/CVE-2023-44218,Local Privilege Escalation Vulnerability in SonicWall NetExtender,"A vulnerability in the SonicWall NetExtender Pre-Logon feature allows unauthorized users to gain access to the underlying Windows operating system with SYSTEM level privileges. This flaw can lead to local privilege escalation, potentially enabling malicious activities by unauthorized users. Organizations using affected versions of NetExtender should take prompt action to mitigate this risk as detailed in the vendor's advisory.",Sonicwall,Netextender,8.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-03T08:15:00.000Z,0
CVE-2022-22281,https://securityvulnerability.io/vulnerability/CVE-2022-22281,Buffer Overflow Vulnerability in SonicWall SSL-VPN NetExtender Windows Client,"A buffer overflow vulnerability exists in the SonicWall SSL-VPN NetExtender Windows Client, impacting both 32-bit and 64-bit versions up to 10.2.322. This flaw can allow an attacker to exploit the vulnerability, potentially leading to arbitrary code execution in the host Windows operating system. Organizations using affected versions should upgrade to secure their systems against potential exploitation.",Sonicwall,Sonicwall Netextender Windows (32 And 64 Bit) Client,7.8,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2022-05-13T19:40:17.000Z,0
CVE-2020-5147,https://securityvulnerability.io/vulnerability/CVE-2020-5147,,"SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier.",Sonicwall,Sonicwall Netextender,5.3,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2021-01-09T00:15:15.000Z,0
CVE-2020-5131,https://securityvulnerability.io/vulnerability/CVE-2020-5131,,"SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 9.0.815 and earlier.",Sonicwall,Sonicwall Netextender,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-07-17T17:15:15.000Z,0
CVE-2015-4173,https://securityvulnerability.io/vulnerability/CVE-2015-4173,,"Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.",Sonicwall,Netextender,,,0.0004400000034365803,false,,false,false,false,,,false,false,,2015-08-26T19:00:00.000Z,0