33 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component. Se descubrió un problema en Stormshield Network Security (SNS) anterior a 4.3.17, 4.4.x a 4.6.x anterior a 4.6.4 y 4.7.x anterior a 4.7.1. Afecta a las cuentas de usuario cuya contraseña tiene un signo igual o un espacio. • https://advisories.stormshield.eu/2023-006 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible. Se descubrió un problema en Stormshield Network Security (SNS), SNS 4.3.13 a 4.3.22 antes de 4.3.23, SNS 4.6.0 a 4.6.9 antes de 4.6.10 y SNS 4.7.0 a 4.7.1 antes de 4.7.2. . Un atacante puede sobrepasar el umbral de cookies, haciendo imposible una conexión IPsec. • https://advisories.stormshield.eu https://advisories.stormshield.eu/2023-024 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine. Se descubrió un problema en Stormshield Network Security (SNS) 4.0.0 a 4.3.21, 4.4.0 a 4.6.8 y 4.7.0. El envío de un paquete ICMP manipulado puede provocar un fallo del motor ASQ. • https://advisories.stormshield.eu/2023-031 •

CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0

An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands. Se descubrió un problema en Stormshield Network Security (SNS) 3.7.0 a 3.7.39, 3.11.0 a 3.11.27, 4.3.0 a 4.3.22, 4.6.0 a 4.6.9 y 4.7.0 a 4.7. 1. Es posible saber si existe una cuenta de usuario específica en el firewall SNS mediante comandos de acceso remoto. • https://advisories.stormshield.eu/2023-027 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a crafted SIP packet. • https://advisories.stormshield.eu/2023-007 • CWE-20: Improper Input Validation •