This page lists publicly disclosed CVE vulnerabilities affecting sonicwall netextender (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-29014 | Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update. | [email protected] | 8.8 | 1.79% | 2024-07-18 | 2024-11-21 |
| CVE-2023-6340 | SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability. | [email protected] | 5.5 | 0.21% | 2024-01-18 | 2025-06-11 |
| CVE-2023-44220 | SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system. | [email protected] | 7.3 | 0.29% | 2023-10-27 | 2024-11-21 |
| CVE-2023-44218 | A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability. | [email protected] | 8.8 | 0.20% | 2023-10-03 | 2024-11-21 |
| CVE-2023-44217 | A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality. | [email protected] | 7.8 | 0.18% | 2023-10-03 | 2024-11-21 |
| CVE-2022-22281 | A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system. | [email protected] | 7.8 | 0.47% | 2022-05-13 | 2024-11-21 |
| CVE-2020-5147 | SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier. | [email protected] | 5.3 | 1.66% | 2021-01-09 | 2024-11-21 |
| CVE-2020-5131 | SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 9.0.815 and earlier. | [email protected] | 7.8 | 0.55% | 2020-07-17 | 2024-11-21 |
| CVE-2015-4173 | Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. | [email protected] | 6.9 | 2.07% | 2015-08-26 | 2026-05-06 |