SonicWALL Notice Concerning Privilege Escalation Vulnerability in the Windows NetExtender client (CVE-2015-4173)
Dear Customer,
A vulnerability, CVE-2015-4173, affecting a Registry key used by the SonicWALL NetExtender client for Windows exposes the system to a binary planting attack that can be triggered upon login. A malicious binary placed in a specific system folder by a low-privileged user could result in code execution upon an Administrator login.
SonicWALL SMB SRA
NetExtender version | NetExtender 8.0.236 or earlier; NetExtender 7.5.226 or earlier |
Recommended Action | NetExtender 8.0.238 (or newer) is included in the SRA Firmware 8.0.0.3-23sv; NetExtender 7.5.227 (or newer) is included in the SRA Firmware 7.5.1.2-40sv |
Reported by
Andrew J. Smith, Security Analyst, Sword & Shield Enterprise Security (http://www.swordshield.com)
Additional Information
The latest 8.0 and 7.5 firmware versions are available for download on www.mysonicwall.com. Please contact SonicWALL Tech Support for any issues in applying this security update.