← back
CVE-2020-5147

CVE-2020-5147

EPSS 1.7%CWE-428
SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier.
Affected products
SonicWall · SonicWall NetExtender
public PoCs found2
cve_referencepacketstormsecurity.com/files/163857/SonicWall-NetExtender-10.2.0.300-Unquoted-Service-Path.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50212unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/163857/SonicWall-NetExtender-10.2.0.300-Unquoted-Service-Path.htmlhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0023