cvelistv5 - CVE-2015-4173

CVE-2015-4173

Vulnerability from cvelistv5

Published

2015-08-26 19:00

Modified

2024-08-06 06:04

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-Privilege-Escalation.html	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/archive/1/536303/100/0/threaded	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1033417	Third Party Advisory, VDB Entry
cve@mitre.org	https://support.software.dell.com/product-notification/157537	Broken Link

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:04:02.926Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-Privilege-Escalation.html"
          },
          {
            "name": "20150824 Dell SonicWall NetExtender Unquoted Autorun Privilege Escalation",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/536303/100/0/threaded"
          },
          {
            "name": "1033417",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033417"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.software.dell.com/product-notification/157537"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-Privilege-Escalation.html"
        },
        {
          "name": "20150824 Dell SonicWall NetExtender Unquoted Autorun Privilege Escalation",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/536303/100/0/threaded"
        },
        {
          "name": "1033417",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033417"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.software.dell.com/product-notification/157537"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4173",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-Privilege-Escalation.html"
            },
            {
              "name": "20150824 Dell SonicWall NetExtender Unquoted Autorun Privilege Escalation",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/536303/100/0/threaded"
            },
            {
              "name": "1033417",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033417"
            },
            {
              "name": "https://support.software.dell.com/product-notification/157537",
              "refsource": "CONFIRM",
              "url": "https://support.software.dell.com/product-notification/157537"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4173",
    "datePublished": "2015-08-26T19:00:00",
    "dateReserved": "2015-06-03T00:00:00",
    "dateUpdated": "2024-08-06T06:04:02.926Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-4173\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-08-26T19:59:06.690\",\"lastModified\":\"2020-08-05T15:04:21.490\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en b\u00fasqueda de directorio sin entrecomillar en Windows en el valor autorun en Dell SonicWall NetExtender en versiones anteriores a 7.5.227 y 8.0.x en versiones anteriores a 8.0.238, tal como se utiliza en el firmware SRA en versiones anteriores a 7.5.1.2-40sv y 8.x en versiones anteriores a 8.0.0.3-23sv, permite a usuarios locales obtener privilegios a trav\u00e9s de un Troyano en la carpeta %SYSTEMDRIVE%.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":6.9},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-428\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sonicwall:netextender:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"7.5.227\",\"matchCriteriaId\":\"3D2B5778-375D-49FB-9495-DF2FF7B1858B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sonicwall:netextender:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.0.238\",\"matchCriteriaId\":\"BA27A495-8F30-4127-ADDB-B64B366A4666\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-Privilege-Escalation.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/536303/100/0/threaded\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1033417\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.software.dell.com/product-notification/157537\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]}]}}"
  }
}

Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. Supplementary information : CWE Vulnerability type by CWE-428: Unquoted Search Path or Element ( Unquoted search path or element ) Has been identified. http://cwe.mitre.org/data/definitions/428.htmlBy local users %SYSTEMDRIVE% Permissions may be obtained through the folder Trojan program. Dell SonicWall NetExtender is prone to a remote privilege-escalation vulnerability. Remote attackers can exploit this issue to execute arbitrary code with elevated privileges. Dell SonicWall NetExtender is a SonicWALL network security appliance (NSA) thin client of Dell (Dell), which supports secure connections to remote networks, and can run any application, upload and download files, etc. Dell SonicWall NetExtender Unquoted Autorun Privilege Escalation

Vendor Website : http://www.sonicwall.com

INDEX

1. CVE
2. Background
3. Description
4. Affected Products
5. Solution
6. Credit
7. Disclosure Timeline

1. CVE

CVE: 2015-4173

2. BACKGROUND

SonicWALL NetExtender is a transparent software application for users that enables remote users to securely connect to the remote network. With NetExtender, remote users can securely run any application on the remote network. Users can upload and download files, mount network drives, and access resources in the same way as if they were on the local network. The NetExtender connection uses a Point-to-Point Protocol (PPP) connection

Placement of a malicious binary by a potential attacker within the parent path could allow privileged code execution upon administrative login.

4. AFFECTED PRODUCTS

Dell SonicWall NetExtender 7.5.215

5. SOLUTION

Upgrade to firmware version 7.5.1.2 or 8.0.0.3.

6. CREDIT

This vulnerability was discovered by Andrew Smith of Sword & Shield Enterprise Security.

7. DISCLOSURE TIMELINE

5-24-2015 - Vulnerability Discovered/Vendor Informed
5-28-2015 - Vendor Confirmed Report/Vendor Gives Fix Timeline
5-29-2015 - CVE Requested
8-14-2015 - Fix Released and Public Disclosure by Vendor

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0370",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netextender",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "8.0"
      },
      {
        "model": "netextender",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "8.0.238"
      },
      {
        "model": "netextender",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "sonicwall",
        "version": "7.5.227"
      },
      {
        "model": "sonicwall netextender",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "dell",
        "version": "8.0.0.3"
      },
      {
        "model": "sonicwall netextender",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "dell",
        "version": "8.x"
      },
      {
        "model": "netextender",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sonicwall",
        "version": "8.0.0.0"
      },
      {
        "model": "netextender",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sonicwall",
        "version": "8.0.0.2"
      },
      {
        "model": "netextender",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sonicwall",
        "version": "8.0.0.1"
      },
      {
        "model": "netextender",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sonicwall",
        "version": "7.5.1.1"
      },
      {
        "model": "sonicwall netextender",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "7.5.215"
      },
      {
        "model": "sonicwall netextender",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "8.0.0.3"
      },
      {
        "model": "sonicwall netextender",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "7.5.1.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "76461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004497"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4173"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-544"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:netextender:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.5.227",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:netextender:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.238",
                "versionStartIncluding": "8.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4173"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andrew Smith of Sword \u0026 Shield Enterprise Security.",
    "sources": [
      {
        "db": "BID",
        "id": "76461"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-4173",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-4173",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "VHN-82134",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "CVE-2015-4173",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-4173",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201508-544",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-82134",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-4173",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82134"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4173"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004497"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4173"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-544"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. Supplementary information : CWE Vulnerability type by CWE-428: Unquoted Search Path or Element ( Unquoted search path or element ) Has been identified. http://cwe.mitre.org/data/definitions/428.htmlBy local users %SYSTEMDRIVE% Permissions may be obtained through the folder Trojan program. Dell SonicWall NetExtender is prone to a remote privilege-escalation vulnerability. \nRemote attackers can exploit this issue to execute arbitrary code with elevated privileges. Dell SonicWall NetExtender is a SonicWALL network security appliance (NSA) thin client of Dell (Dell), which supports secure connections to remote networks, and can run any application, upload and download files, etc. Dell SonicWall NetExtender Unquoted Autorun Privilege Escalation\n\nVendor Website : http://www.sonicwall.com\n\nINDEX\n---------------------------------------\n    1. CVE\n    2. Background\n    3. Description\n    4. Affected Products\n    5. Solution\n    6. Credit\n    7. Disclosure Timeline\n\n1. CVE\n---------------------------------------\n    CVE: 2015-4173\n\n\n2. BACKGROUND\n---------------------------------------\n    SonicWALL NetExtender is a transparent software application for users that enables remote users to securely connect to the remote network. With NetExtender, remote users can securely run any application on the remote network. Users can upload and download files, mount network drives, and access resources in the same way as if they were on the local network. The NetExtender connection uses a Point-to-Point Protocol (PPP) connection\n\n\n3. Placement of a malicious binary by a potential attacker within the parent path could allow privileged code execution upon administrative login. \n\n\n4. AFFECTED PRODUCTS\n---------------------------------------\n    Dell SonicWall NetExtender 7.5.215\n\n\n5. SOLUTION\n---------------------------------------\n    Upgrade to firmware version 7.5.1.2 or 8.0.0.3. \n\n\n6. CREDIT\n---------------------------------------\n    This vulnerability was discovered by Andrew Smith of Sword \u0026 Shield Enterprise Security. \n\n\n7. DISCLOSURE TIMELINE\n---------------------------------------\n    5-24-2015 - Vulnerability Discovered/Vendor Informed\n    5-28-2015 - Vendor Confirmed Report/Vendor Gives Fix Timeline\n    5-29-2015 - CVE Requested\n    8-14-2015 - Fix Released and Public Disclosure by Vendor\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4173"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004497"
      },
      {
        "db": "BID",
        "id": "76461"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82134"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4173"
      },
      {
        "db": "PACKETSTORM",
        "id": "133302"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-4173",
        "trust": 3.0
      },
      {
        "db": "PACKETSTORM",
        "id": "133302",
        "trust": 2.7
      },
      {
        "db": "SECTRACK",
        "id": "1033417",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004497",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-544",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "76461",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-82134",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4173",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82134"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4173"
      },
      {
        "db": "BID",
        "id": "76461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004497"
      },
      {
        "db": "PACKETSTORM",
        "id": "133302"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4173"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-544"
      }
    ]
  },
  "id": "VAR-201508-0370",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82134"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:03:22.579000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Dell SonicWALL Notice Concerning Privilege Escalation Vulnerability in the Windows NetExtender client (CVE-2015-4173)",
        "trust": 0.8,
        "url": "https://support.software.dell.com/ja-jp/product-notification/157537?productname=sonicwall%20netextender"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.sonicwall.com/japan/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004497"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-428",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82134"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004497"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4173"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://packetstormsecurity.com/files/133302/dell-sonicwall-netextender-7.5.215-privilege-escalation.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/archive/1/536303/100/0/threaded"
      },
      {
        "trust": 1.2,
        "url": "https://support.software.dell.com/product-notification/157537"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1033417"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4173"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4173"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/536303/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "https://support.software.dell.com/sonicwall-netextender/windows"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/60"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/428.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4173"
      },
      {
        "trust": 0.1,
        "url": "http://www.sonicwall.com"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82134"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4173"
      },
      {
        "db": "BID",
        "id": "76461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004497"
      },
      {
        "db": "PACKETSTORM",
        "id": "133302"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4173"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-544"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-82134"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-4173"
      },
      {
        "db": "BID",
        "id": "76461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004497"
      },
      {
        "db": "PACKETSTORM",
        "id": "133302"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4173"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-544"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-08-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82134"
      },
      {
        "date": "2015-08-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-4173"
      },
      {
        "date": "2015-08-24T00:00:00",
        "db": "BID",
        "id": "76461"
      },
      {
        "date": "2015-08-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004497"
      },
      {
        "date": "2015-08-25T01:06:02",
        "db": "PACKETSTORM",
        "id": "133302"
      },
      {
        "date": "2015-08-26T19:59:06.690000",
        "db": "NVD",
        "id": "CVE-2015-4173"
      },
      {
        "date": "2015-08-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201508-544"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82134"
      },
      {
        "date": "2020-08-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-4173"
      },
      {
        "date": "2015-08-24T00:00:00",
        "db": "BID",
        "id": "76461"
      },
      {
        "date": "2015-08-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004497"
      },
      {
        "date": "2020-08-05T15:04:21.490000",
        "db": "NVD",
        "id": "CVE-2015-4173"
      },
      {
        "date": "2015-08-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201508-544"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-544"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell SonicWall NetExtender Firmware  autorun Vulnerability that can be obtained privilege in the value of",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004497"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "76461"
      }
    ],
    "trust": 0.3
  }
}

gsd-2015-4173

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2015-4173

Aliases

CVE-2015-4173

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-4173",
    "description": "Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.",
    "id": "GSD-2015-4173"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-4173"
      ],
      "details": "Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.",
      "id": "GSD-2015-4173",
      "modified": "2023-12-13T01:19:59.332490Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-4173",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-Privilege-Escalation.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-Privilege-Escalation.html"
          },
          {
            "name": "20150824 Dell SonicWall NetExtender Unquoted Autorun Privilege Escalation",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/536303/100/0/threaded"
          },
          {
            "name": "1033417",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1033417"
          },
          {
            "name": "https://support.software.dell.com/product-notification/157537",
            "refsource": "CONFIRM",
            "url": "https://support.software.dell.com/product-notification/157537"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:netextender:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.5.227",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sonicwall:netextender:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.238",
                "versionStartIncluding": "8.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4173"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-428"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-Privilege-Escalation.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-Privilege-Escalation.html"
            },
            {
              "name": "https://support.software.dell.com/product-notification/157537",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "https://support.software.dell.com/product-notification/157537"
            },
            {
              "name": "1033417",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1033417"
            },
            {
              "name": "20150824 Dell SonicWall NetExtender Unquoted Autorun Privilege Escalation",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/536303/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2020-08-05T15:04Z",
      "publishedDate": "2015-08-26T19:59Z"
    }
  }
}

ghsa-34vh-gp42-g4h6

Vulnerability from github

Published

2022-05-13 01:24

Modified

2022-05-13 01:24

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-4173"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-428"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-08-26T19:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.",
  "id": "GHSA-34vh-gp42-g4h6",
  "modified": "2022-05-13T01:24:30Z",
  "published": "2022-05-13T01:24:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4173"
    },
    {
      "type": "WEB",
      "url": "https://support.software.dell.com/product-notification/157537"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/133302/Dell-SonicWall-NetExtender-7.5.215-Privilege-Escalation.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/536303/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033417"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-4173

Vulnerability from cvelistv5

var-201508-0370

Vulnerability from variot

INDEX

1. CVE

2. BACKGROUND

4. AFFECTED PRODUCTS

5. SOLUTION

6. CREDIT

7. DISCLOSURE TIMELINE

gsd-2015-4173

Vulnerability from gsd

ghsa-34vh-gp42-g4h6

Vulnerability from github

Tags

Sightings

Nomenclature