Local Privileges Escalation Vulnerability with SonicWall SSO Agent MSI (Directory Connector)

SonicWall SSO Agent MSI (Directory Connector) local privilege escalation (LPE) vulnerability allows the local low-privileged user to gain system privileges by running the recovery feature.

NOTE: This vulnerability is non-exploitable beyond the network in which the agent is located and would require access to the host where the agent is installed. Additionally, it only impacts the Windows platform.

You can read more about this here :SNWLID-2023-0016

Affected Products/Versions:

4.1.21 and all lower versions of SSO agent (Directory Connector) MSI client/installer.

Resolution:

This vulnerability has been addressed in 4.1.22 version of the SSO agent (Directory Connector). SonicWall Strongly advises customers to upgrade the SSO agent to this version.

TIP: For help with SSO software installation, please follow: How can I Install Single Sign On (SSO) software and configure the SSO feature?

Recommended action:

Upgrade SonicWall SSO Agent (Directory Connector) to 4.1.22 version.

See also:

•  How does SonicWall SSO Agent software work?