SonicWall Notice Concerning Privilege Escalation Vulnerability in the Windows NetExtender client (CVE-2015-4173)
SonicWALL Notice Concerning Privilege Escalation Vulnerability in the Windows NetExtender client (CVE-2015-4173)
A vulnerability CVE-2015- 4173, affects a Registry key used by SonicWALL NetExtender client for Windows exposes the system to a binary planting attack that can be triggered upon login. A malicious binary placed in a specific system folder by a low-privileged user could result in code execution upon an Administrator login.
SonicWALL SMB SRA
NetExtender 8.0.236 or earlier
NetExtender 7.5.226 or earlier
NetExtender 8.0.238 (or newer) is included in the SRA Firmware 126.96.36.199-23sv
NetExtender 7.5.227 (or newer) is included in the SRA Firmware 188.8.131.52-40sv
Andrew J. Smith, Security Analyst, Sword & Shield Enterprise Security (http://www.swordshield.com)
The latest 8.0 and 7.5 firmware versions are available for download on www.mysonicwall.com. Please contact SonicWALL Tech Support for any issues in applying this security update.