Vulnerability Description
Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sonicwall | Netextender | < 7.5.227 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-PThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/archive/1/536303/100/0/threadedThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1033417Third Party AdvisoryVDB Entry
- https://support.software.dell.com/product-notification/157537Broken Link
- http://packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-PThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/archive/1/536303/100/0/threadedThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1033417Third Party AdvisoryVDB Entry
- https://support.software.dell.com/product-notification/157537Broken Link
FAQ
What is CVE-2015-4173?
CVE-2015-4173 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8....
How severe is CVE-2015-4173?
CVE-2015-4173 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4173?
Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Netextender.