CVE-2023-44217: 
SonicWall NetExtender vulnerability analysis and mitigation

A local privilege escalation vulnerability was discovered in SonicWall Net Extender MSI client for Windows, affecting version 10.2.336 and earlier versions. The vulnerability, identified as CVE-2023-44217, was disclosed on October 3, 2023. This security flaw allows a local low-privileged user to gain system privileges through the exploitation of the repair functionality (NVD, GitHub Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High severity) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This scoring indicates that the vulnerability requires local access, low attack complexity, and low privileges to exploit. No user interaction is needed for exploitation. The vulnerability is associated with CWE-269 (Improper Privilege Management) (NVD).

The successful exploitation of this vulnerability can result in a complete compromise of system privileges, allowing an attacker to gain elevated access to the system. This impacts the confidentiality, integrity, and availability of the system, all rated as High in the CVSS scoring (NVD).

Users are advised to upgrade to SonicWall Net Extender MSI client versions newer than 10.2.336 to address this vulnerability (NVD).