CVE-2021-28962Command Injection in Network Security

CWE-77Command Injection3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.8%
top 26.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Stormshield Network Security
Timeline
PublishedJan 31
Latest updateFeb 1

Description

Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-4p74-9wgm-4fjq: Stormshield Network Security (SNS) before 42022-02-01
CVEList
CVE-2021-28962: Stormshield Network Security (SNS) before 42022-01-31
CVE-2021-28962 — Command Injection in Network Security | cvebase