Sign-up

ID

VAR-201508-0370


CVE

CVE-2015-4173


TITLE

Dell SonicWall NetExtender Firmware autorun Vulnerability that can be obtained privilege in the value of

Trust: 0.8

sources: JVNDB: JVNDB-2015-004497

DESCRIPTION

Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. Supplementary information : CWE Vulnerability type by CWE-428: Unquoted Search Path or Element ( Unquoted search path or element ) Has been identified. http://cwe.mitre.org/data/definitions/428.htmlBy local users %SYSTEMDRIVE% Permissions may be obtained through the folder Trojan program. Dell SonicWall NetExtender is prone to a remote privilege-escalation vulnerability. Remote attackers can exploit this issue to execute arbitrary code with elevated privileges. Dell SonicWall NetExtender is a SonicWALL network security appliance (NSA) thin client of Dell (Dell), which supports secure connections to remote networks, and can run any application, upload and download files, etc. Dell SonicWall NetExtender Unquoted Autorun Privilege Escalation Vendor Website : http://www.sonicwall.com INDEX --------------------------------------- 1. CVE 2. Background 3. Description 4. Affected Products 5. Solution 6. Credit 7. Disclosure Timeline 1. CVE --------------------------------------- CVE: 2015-4173 2. BACKGROUND --------------------------------------- SonicWALL NetExtender is a transparent software application for users that enables remote users to securely connect to the remote network. With NetExtender, remote users can securely run any application on the remote network. Users can upload and download files, mount network drives, and access resources in the same way as if they were on the local network. The NetExtender connection uses a Point-to-Point Protocol (PPP) connection 3. Placement of a malicious binary by a potential attacker within the parent path could allow privileged code execution upon administrative login. 4. AFFECTED PRODUCTS --------------------------------------- Dell SonicWall NetExtender 7.5.215 5. SOLUTION --------------------------------------- Upgrade to firmware version 7.5.1.2 or 8.0.0.3. 6. CREDIT --------------------------------------- This vulnerability was discovered by Andrew Smith of Sword & Shield Enterprise Security. 7. DISCLOSURE TIMELINE --------------------------------------- 5-24-2015 - Vulnerability Discovered/Vendor Informed 5-28-2015 - Vendor Confirmed Report/Vendor Gives Fix Timeline 5-29-2015 - CVE Requested 8-14-2015 - Fix Released and Public Disclosure by Vendor

Trust: 2.16

sources: NVD: CVE-2015-4173 // JVNDB: JVNDB-2015-004497 // BID: 76461 // VULHUB: VHN-82134 // VULMON: CVE-2015-4173 // PACKETSTORM: 133302

AFFECTED PRODUCTS

vendor:sonicwallmodel:netextenderscope:ltversion:7.5.227

Trust: 1.0

vendor:sonicwallmodel:netextenderscope:ltversion:8.0.238

Trust: 1.0

vendor:sonicwallmodel:netextenderscope:gteversion:8.0

Trust: 1.0

vendor:dellmodel:sonicwall netextenderscope:eqversion:8.0.0.3

Trust: 0.8

vendor:dellmodel:sonicwall netextenderscope:ltversion:8.x

Trust: 0.8

vendor:sonicwallmodel:netextenderscope:eqversion:8.0.0.0

Trust: 0.6

vendor:sonicwallmodel:netextenderscope:eqversion:8.0.0.2

Trust: 0.6

vendor:sonicwallmodel:netextenderscope:eqversion:8.0.0.1

Trust: 0.6

vendor:sonicwallmodel:netextenderscope:eqversion:7.5.1.1

Trust: 0.6

vendor:dellmodel:sonicwall netextenderscope:eqversion:7.5.215

Trust: 0.3

vendor:dellmodel:sonicwall netextenderscope:neversion:8.0.0.3

Trust: 0.3

vendor:dellmodel:sonicwall netextenderscope:neversion:7.5.1.2

Trust: 0.3

sources: BID: 76461 // JVNDB: JVNDB-2015-004497 // CNNVD: CNNVD-201508-544 // NVD: CVE-2015-4173

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4173
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4173
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201508-544
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82134
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-4173
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4173
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2015-4173
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-82134
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82134 // VULMON: CVE-2015-4173 // JVNDB: JVNDB-2015-004497 // CNNVD: CNNVD-201508-544 // NVD: CVE-2015-4173

PROBLEMTYPE DATA

problemtype:CWE-428

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-82134 // JVNDB: JVNDB-2015-004497 // NVD: CVE-2015-4173

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201508-544

TYPE

Design Error

Trust: 0.3

sources: BID: 76461

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-004497

PATCH
title:Dell SonicWALL Notice Concerning Privilege Escalation Vulnerability in the Windows NetExtender client (CVE-2015-4173)url:https://support.software.dell.com/ja-jp/product-notification/157537?productname=sonicwall%20netextender
Trust: 0.8
title:Top Pageurl:http://www.sonicwall.com/japan/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-004497

EXTERNAL IDS
db:NVDid:CVE-2015-4173
Trust: 3.0
db:PACKETSTORMid:133302
Trust: 2.7
db:SECTRACKid:1033417
Trust: 1.2
db:JVNDBid:JVNDB-2015-004497
Trust: 0.8
db:CNNVDid:CNNVD-201508-544
Trust: 0.7
db:BIDid:76461
Trust: 0.4
db:VULHUBid:VHN-82134
Trust: 0.1
db:VULMONid:CVE-2015-4173
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82134 // 
            
            
            
            VULMON: CVE-2015-4173 // 
            
            
            
            BID: 76461 // 
            
            
            
            JVNDB: JVNDB-2015-004497 // 
            
            
            
            PACKETSTORM: 133302 // 
            
            
            
            CNNVD: CNNVD-201508-544 // 
            
            
            
            NVD: CVE-2015-4173

REFERENCES
url:http://packetstormsecurity.com/files/133302/dell-sonicwall-netextender-7.5.215-privilege-escalation.html
Trust: 2.6
url:http://www.securityfocus.com/archive/1/536303/100/0/threaded
Trust: 1.2
url:https://support.software.dell.com/product-notification/157537
Trust: 1.2
url:http://www.securitytracker.com/id/1033417
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4173
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4173
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/536303/100/0/threaded
Trust: 0.6
url:https://support.software.dell.com/sonicwall-netextender/windows
Trust: 0.3
url:http://seclists.org/bugtraq/2015/aug/60
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/428.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-4173
Trust: 0.1
url:http://www.sonicwall.com
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82134 // 
            
            
            
            VULMON: CVE-2015-4173 // 
            
            
            
            BID: 76461 // 
            
            
            
            JVNDB: JVNDB-2015-004497 // 
            
            
            
            PACKETSTORM: 133302 // 
            
            
            
            CNNVD: CNNVD-201508-544 // 
            
            
            
            NVD: CVE-2015-4173

CREDITS
Andrew Smith of Sword & Shield Enterprise Security.
Trust: 0.3
sources:
            
            
            BID: 76461

SOURCES
db:VULHUBid:VHN-82134
db:VULMONid:CVE-2015-4173
db:BIDid:76461
db:JVNDBid:JVNDB-2015-004497
db:PACKETSTORMid:133302
db:CNNVDid:CNNVD-201508-544
db:NVDid:CVE-2015-4173

LAST UPDATE DATE
2024-11-23T23:02:40.015000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82134date:2020-08-05T00:00:00
db:VULMONid:CVE-2015-4173date:2020-08-05T00:00:00
db:BIDid:76461date:2015-08-24T00:00:00
db:JVNDBid:JVNDB-2015-004497date:2015-08-31T00:00:00
db:CNNVDid:CNNVD-201508-544date:2015-08-27T00:00:00
db:NVDid:CVE-2015-4173date:2024-11-21T02:30:34.140

SOURCES RELEASE DATE
db:VULHUBid:VHN-82134date:2015-08-26T00:00:00
db:VULMONid:CVE-2015-4173date:2015-08-26T00:00:00
db:BIDid:76461date:2015-08-24T00:00:00
db:JVNDBid:JVNDB-2015-004497date:2015-08-31T00:00:00
db:PACKETSTORMid:133302date:2015-08-25T01:06:02
db:CNNVDid:CNNVD-201508-544date:2015-08-27T00:00:00
db:NVDid:CVE-2015-4173date:2015-08-26T19:59:06.690