Stormshield Network Security vulnerabilities
35 known vulnerabilities affecting stormshield/stormshield_network_security.
Total CVEs: 35
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 17, MEDIUM 14
Vulnerabilities
Page 2 of 2
CVE-2022-27812 | P3 | HIGH | CVSS 7.5 | ≥ 3.7.0, < 3.7.30; ≥ 3.11.0, < 3.11.18; +2 more | 2022-08-24
Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic can lead to SNS DoS.
nvd
CVE-2018-20850 | P3 | HIGH | CVSS 8.2 | CWE-79 | ≥ 2.0.0, ≤ 2.13.0; ≥ 3.0.0, ≤ 3.7.1 | 2019-07-04
Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.
nvd
CVE-2021-28665 | P4 | HIGH | CVSS 7.5 | CWE-401 | ≥ 3.8.0, < 3.11.5; ≥ 4.0.0, < 4.1.5 | 2021-05-06
Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service.
nvd
CVE-2023-41166 | P4 | MEDIUM | CVSS 5.3 | ≥ 3.7.0, ≤ 3.7.39; ≥ 3.11.0, ≤ 3.11.27; +3 more | 2023-12-21
An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands.
nvd
CVE-2021-3384 | P4 | MEDIUM | CVSS 5.3 | ≥ 2.0.0, < 2.7.8; ≥ 2.8.0, ≤ 2.16.0; +3 more | 2021-03-02
A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system from contacting new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.1
nvd
CVE-2026-8474 | P4 | MEDIUM | CVSS 5.3 | CWE-79 | ≥ 4.3.0, ≤ 4.3.41; ≥ 4.8.0, ≤ 4.8.15; +1 more | 2026-06-01
A vulnerability was discovered on Stormshield Network Security
* 4.3.0 to 4.3.41,
* 4.8.0 to 4.8.15,
* 5.0.0 to 5.0.5
It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of cookies or other sensitive data, as well as the modification o
nvd
CVE-2021-3398 | P4 | MEDIUM | CVSS 5.8 | CWE-190 | ≥ 3.0.0, ≤ 3.7.24; ≥ 3.8.0, ≤ 3.11.12 | 2022-02-10
Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component.
nvd
CVE-2020-8430 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | ≥ 3.0.0, ≤ 3.7.10; ≥ 3.8.0, ≤ 3.10.0; +1 more | 2020-04-13
Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string.
nvd
CVE-2023-47093 | P4 | MEDIUM | CVSS 6.5 | ≥ 4.0.0, < 4.3.22; ≥ 4.4.0, < 4.6.9; +1 more | 2023-12-21
An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine.
nvd
CVE-2021-28096 | P4 | MEDIUM | CVSS 5.3 | CWE-770 | ≥ 2.0.0, ≤ 2.7.8; ≥ 3.7.6, ≤ 3.7.20; +2 more | 2022-01-27
An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections.
nvd
CVE-2021-31814 | P4 | MEDIUM | CVSS 6.1 | CWE-306 | ≥ 2.1.0, ≤ 2.9.0; v1.1.0 | 2022-02-10
In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client.
nvd
CVE-2021-27506 | P4 | MEDIUM | CVSS 5.5 | ≥ 1.0, ≤ 4.2.0 | 2021-03-19
The ClamAV Engine (version 0.103.1 and below) component embedded in Stormshield Network Security (SNS) is subject to DoS in case of parsing of malformed PNG files. This affects Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.
nvd
CVE-2020-11711 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ 3.6.0, < 3.7.13; ≥ 3.8.0, < 3.11.0; +1 more | 2023-08-25
An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute J
nvd
CVE-2023-41165 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ 3.7.0, < 3.7.39; ≥ 3.10.0, < 3.11.27; +2 more | 2024-02-29
An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a login disclaimer with malicious JavaScript elements that can result in d
nvd
CVE-2021-37613 | P4 | MEDIUM | CVSS 6.5 | ≥ 1.0.0, ≤ 1.6.1; ≥ 2.0.0, ≤ 2.7.8; +4 more | 2022-02-10
Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service.
nvd