CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-28616
https://notcve.org/view.php?id=CVE-2023-28616
26 Dec 2023 — An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component. Se descubrió un problema en Stormshield Network Security (SNS) anterior a 4.3.17, 4.4.x a 4.6.x anterior a 4.6.4 y 4.7.x anterior a 4.7.1. Afecta a las cuentas de usuario cuya co... • https://advisories.stormshield.eu/2023-006 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-47091
https://notcve.org/view.php?id=CVE-2023-47091
25 Dec 2023 — An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible. Se descubrió un problema en Stormshield Network Security (SNS), SNS 4.3.13 a 4.3.22 antes de 4.3.23, SNS 4.6.0 a 4.6.9 antes de 4.6.10 y SNS 4.7.0 a 4.7.1 antes de 4.7.2. . Un atacante puede sobrepasar el umbral de cookies, haciendo imposible... • https://advisories.stormshield.eu • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-26095
https://notcve.org/view.php?id=CVE-2023-26095
28 Aug 2023 — ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a crafted SIP packet. • https://advisories.stormshield.eu/2023-007 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27812
https://notcve.org/view.php?id=CVE-2022-27812
24 Aug 2022 — Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS. Inundar las versiones 3.7.0 a 3.7.29, 3.11.0 a 3.11.17, 4.2.0 a 4.2.10, y 4.3.0 a 4.3.6 del cortafuegos SNS con tráfico forjado específico, puede conducir a un DoS SNS • https://advisories.stormshield.eu/2022-009 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30279
https://notcve.org/view.php?id=CVE-2022-30279
12 May 2022 — An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash. Se ha detectado un problema en Stormshield Network Security (SNS) versiones 4.3.x anteriores a 4.3.8. El registro de eventos del complemento ASQ sofbus lacbus desencadena una desreferencia de puntero NU... • https://advisories.stormshield.eu/2022-015 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-23989
https://notcve.org/view.php?id=CVE-2022-23989
15 Mar 2022 — In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service. En Stormshield Network Security (SNS) antes de la versión 3.7.25, de la 3.8.x a la 3.... • https://advisories.stormshield.eu/2022-003 •
CVSS: 9.8EPSS: 3%CPEs: 4EXPL: 0CVE-2021-31617
https://notcve.org/view.php?id=CVE-2021-31617
31 Jan 2022 — In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution. En ASQ en Stormshield Network Security (SNS) versiones 1.0.0 hasta 2.7.8, 2.8.0 hasta 2.16.0, 3.0.0 hasta 3.7.20, 3.8.0 hasta 3.11.8, y 4.0.1 hasta 4.2.2, un manejo inapropiado de la memoria puede conllevar a una ejecución de código remota • https://advisories.stormshield.eu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-28962
https://notcve.org/view.php?id=CVE-2021-28962
31 Jan 2022 — Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. Stormshield Network Security (SNS) versiones anteriores a 4.2.2, permite que un administrador de sólo lectura obtenga privilegios por medio de comandos CLI • https://advisories.stormshield.eu •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22703
https://notcve.org/view.php?id=CVE-2022-22703
17 Jan 2022 — In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer. En Stormshield SSO Agent 2.x versiones anteriores a 2.1.1 y versiones 3.x anteriores a 3.0.2, la contraseña de usuario en texto sin cifrar y el PSK están contenidos en el archivo de registro del instalador .exe • https://advisories.stormshield.eu/2022-001 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-45885
https://notcve.org/view.php?id=CVE-2021-45885
29 Dec 2021 — An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password. Se ha detectado un problema en Stormshield Network Security (SNS) versiones 4.2.2 a 4.2.7 (corregido en versión 4.2.8). En un escenario específico de actualización-migración, el primer cambio de contraseña SSH no borra correctamente la contraseña antigua • https://advisories.stormshield.eu • CWE-613: Insufficient Session Expiration •