cbcvebase.

Stormshield Network Security vulnerabilities

35 known vulnerabilities affecting stormshield/stormshield_network_security.

Total CVEs
35
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH17MEDIUM14

Vulnerabilities

Page 1 of 2
CVE-2023-20032P2CRITICALCVSS 9.8≥ 3.0.0, < 3.7.35≥ 3.8.0, < 3.11.23+2 more2023-03-01
CVE-2023-20032 [CRITICAL] CWE-120 CVE-2023-20032: On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vu On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size chec
nvd
CVE-2023-0286P2HIGHCVSS 7.4≥ 2.7.0, < 2.7.11≥ 2.8.0, < 3.7.34+3 more2023-02-08
CVE-2023-0286 [HIGH] CWE-843 CVE-2023-0286: There is a type confusion vulnerability relating to X.400 address processing inside an X.509 General There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp
nvd
CVE-2022-37434P2CRITICALCVSS 9.8≥ 3.7.31, < 3.7.34≥ 3.11.0, < 3.11.22+2 more2022-08-05
CVE-2022-37434 [CRITICAL] CWE-787 CVE-2022-37434: zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
nvd
CVE-2002-20001P3HIGHCVSS 7.5≥ 2.7.0, < 4.3.16≥ 4.4.0, < 4.6.32021-11-11
CVE-2002-20001 [HIGH] CWE-400 CVE-2002-20001: The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arb The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disr
nvd
CVE-2021-31617P2CRITICALCVSS 9.8≥ 1.0.0, < 2.7.9≥ 2.8.0, < 3.7.21+2 more2022-01-31
CVE-2021-31617 [CRITICAL] CWE-119 CVE-2021-31617: In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 throug In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution.
nvd
CVE-2022-4450P3HIGHCVSS 7.5≥ 4.0.0, < 4.3.16≥ 4.4.0, < 4.6.32023-02-08
CVE-2022-4450 [HIGH] CWE-415 CVE-2022-4450: The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. " The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffe
nvd
CVE-2020-7465P3CRITICALCVSS 9.8≥ 4.0.0, < 4.3.17v4.4.02020-10-06
CVE-2020-7465 [CRITICAL] CWE-787 CVE-2020-7465: The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).
nvd
CVE-2022-4304P3MEDIUMCVSS 5.9≥ 2.7.0, < 2.7.11≥ 2.8.0, < 3.7.34+3 more2023-02-08
CVE-2022-4304 [MEDIUM] CWE-203 CVE-2022-4304: A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be suffi A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding
nvd
CVE-2021-28962P3HIGHCVSS 7.2≥ 2.5.0, < 2.7.9≥ 2.8.0, < 3.7.21+2 more2022-01-31
CVE-2021-28962 [HIGH] CVE-2021-28962: Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.
nvd
CVE-2025-48707P3HIGHCVSS 7.5fixed in 5.0.12025-09-25
CVE-2025-48707 [HIGH] CWE-284 CVE-2025-48707: An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. TPM authentication infor An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. TPM authentication information could, in some HA use cases, be shared among administrators, which can cause secret sharing.
nvd
CVE-2023-34198P3HIGHCVSS 7.3≥ 1.0.0, < 3.7.37≥ 3.8.0, < 3.11.25+3 more2024-02-29
CVE-2023-34198 [HIGH] CVE-2023-34198: In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 befo In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 before 3.11.25, 4.0.0 through 4.3.18 before 4.3.19, 4.4.0 through 4.6.5 before 4.6.6, and 4.7.0 before 4.7.1, the usage of a Network object created from an inactive DHCP interface in the filtering slot results in the usage of an object of the :any" type, which may
nvd
CVE-2023-26095P3HIGHCVSS 7.5≥ 4.6.0, < 4.6.3v4.3.152023-08-28
CVE-2023-26095 [HIGH] CWE-20 CVE-2023-26095: ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a crafted SIP packet.
nvd
CVE-2022-40617P3HIGHCVSS 7.5≥ 3.11.1, < 3.11.20≥ 4.3.1, < 4.3.15+1 more2022-10-31
CVE-2022-40617 [HIGH] CWE-400 CVE-2022-40617: strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugi strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or
nvd
CVE-2022-23989P3HIGHCVSS 7.5≥ 3.0.0, < 3.7.25≥ 3.8.0, < 3.11.13+2 more2022-03-15
CVE-2022-23989 [HIGH] CVE-2022-23989: In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this vi
nvd
CVE-2023-28616P3HIGHCVSS 7.5≥ 2.7.0, < 4.3.17≥ 4.4.0, < 4.6.4+1 more2023-12-26
CVE-2023-28616 [HIGH] CWE-319 CVE-2023-28616: An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x bef An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component.
nvd
CVE-2020-7466P3HIGHCVSS 7.5≥ 4.0.0, < 4.3.17v4.4.02020-10-06
CVE-2020-7466 [HIGH] CWE-125 CVE-2020-7466: The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition.
nvd
CVE-2023-47091P3HIGHCVSS 7.5≥ 4.3.13, < 4.3.23≥ 4.6.0, < 4.6.10+1 more2023-12-25
CVE-2023-47091 [HIGH] CWE-120 CVE-2023-47091: An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.2 An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible.
nvd
CVE-2022-30279P3HIGHCVSS 7.5≥ 4.3.3, < 4.3.82022-05-12
CVE-2022-30279 [HIGH] CWE-476 CVE-2022-30279: An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash.
nvd
CVE-2023-20052P3MEDIUMCVSS 5.3≥ 3.0.0, < 3.7.35≥ 3.8.0, < 3.11.23+2 more2023-03-01
CVE-2023-20052 [MEDIUM] CWE-611 CVE-2023-20052: On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vu On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XM
nvd
CVE-2021-28127P3HIGHCVSS 7.5≥ 2.0.0, ≤ 2.7.9≥ 2.8.0, ≤ 2.16.0+4 more2021-07-01
CVE-2021-28127 [HIGH] CWE-307 CVE-2021-28127: An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur.
nvd
Stormshield Network Security vulnerabilities | cvebase