=====================================================================

                            CERT-Renater

                  Information Note No. 2025/VULN066

_____________________________________________________________________

DATE                : 04/02/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows running SonicWall NetExtender versions
                                       prior to 10.3.1.

=====================================================================
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0005
_____________________________________________________________________

SonicWall NetExtender Local Privilege Escalation via Arbitrary SYSTEM
File Read

Overview
Advisory ID             SNWLID-2025-0005
First Published         2025-01-30
Last Updated            2025-01-30
Workaround              false
Status                  Applicable
CVE                     CVE-2025-23007
CWE                     CWE-269
CVSS v3                 6.5
CVSS Vector             CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
        
Summary

A vulnerability in the NetExtender Windows client log export function
allows unauthorized access to sensitive Windows system files,
potentially leading to privilege escalation.


Affected Product(s)
NetExtender Windows (32 and 64 bit) 10.3.0 and earlier versions.

Note: NetExtender Linux client versions are not affected by this
vulnerability.


CPE(s)


Workaround
None


Fixed Software
NetExtender Windows (32 and 64 bit) 10.3.1 and higher versions.


Comments


Credit(s)
Eduardo Pérez-Malumbres Cervera of KPMG Madrid.


Revision History

    Version    Date           Description
    1.0        30-Jan-2025    Initial Release.


Reference(s)

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
