CVE-2023-44218: 
SonicWall NetExtender vulnerability analysis and mitigation

A local privilege escalation vulnerability (CVE-2023-44218) was identified in the SonicWall NetExtender Pre-Logon feature. The vulnerability enables unauthorized users to gain access to the host Windows operating system with 'SYSTEM' level privileges. This vulnerability affects NetExtender Windows client versions up to and including 10.2.336 (SonicWall Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) by NIST with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. SonicWall assigned a slightly different score of 8.8 (HIGH) with vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-267 (Privilege Defined With Unsafe Actions) (NVD).

The successful exploitation of this vulnerability allows an unauthorized user to escalate privileges to SYSTEM level on the affected Windows system, potentially giving them complete control over the host operating system (NVD).

Users are advised to upgrade to NetExtender version 10.2.337 or later to address this vulnerability (SonicWall Advisory).