CVE-2015-4173

Published: Aug 26, 2015Modified: May 6, 2026

6.9

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 3.4 / Impact: 10.0

Source: NVD

Description

Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.

Affected (2)

Products: Sonicwall: Netextender

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sonicwall Netextender	Before 7.5.227
Sonicwall Netextender	From 8.0 to 8.0.238

Related CWEs

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (8)

http://packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-Privilege-Escalation.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/536303/100/0/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1033417

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://support.software.dell.com/product-notification/157537

Source: cve@mitre.org

Broken Link

http://packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-Privilege-Escalation.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/536303/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1033417

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://support.software.dell.com/product-notification/157537

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.