거래 등록, MDF, 판매 및 마케팅 도구, 교육 등에 액세스할 수 있습니다
기술 자료, 커뮤니티, 기술 문서 및 동영상을 검색하시면 질문에 대한 답변을 찾을 수 있습니다
SonicWALL Notice Concerning Privilege Escalation Vulnerability in the Windows NetExtender client (CVE-2015-4173)
Dear Customer,
A vulnerability CVE-2015- 4173, affects a Registry key used by SonicWALL NetExtender client for Windows exposes the system to a binary planting attack that can be triggered upon login. A malicious binary placed in a specific system folder by a low-privileged user could result in code execution upon an Administrator login.
SonicWALL SMB SRA
NetExtender version | NetExtender 8.0.236 or earlier NetExtender 7.5.226 or earlier |
Recommended Action | NetExtender 8.0.238 (or newer) is included in the SRA Firmware 8.0.0.3-23sv |
Reported by
Andrew J. Smith, Security Analyst, Sword & Shield Enterprise Security (http://www.swordshield.com)
Additional Information
The latest 8.0 and 7.5 firmware versions are available for download on www.mysonicwall.com. Please contact SonicWALL Tech Support for any issues in applying this security update.