Stormshield Network Security vulnerabilities

CVE-2021-31814 [MEDIUM] CWE-306 CVE-2021-31814: In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client.

CVE-2021-3398 [MEDIUM] CWE-190 CVE-2021-3398: Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component.

CVE-2021-31617 [CRITICAL] CWE-119 CVE-2021-31617: In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 throug In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution.

CVE-2021-28962 [HIGH] CVE-2021-28962: Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.

CVE-2021-28096 [MEDIUM] CWE-770 CVE-2021-28096: An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can sa An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections.

CVE-2002-20001 [HIGH] CWE-400 CVE-2002-20001: The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arb The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disr

CVE-2021-28127 [HIGH] CWE-307 CVE-2021-28127: An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur.

CVE-2021-28665 [HIGH] CWE-401 CVE-2021-28665: Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service.

CVE-2021-27506 [MEDIUM] CVE-2021-27506: The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (S The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.

CVE-2021-3384 [MEDIUM] CVE-2021-3384: A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection rela A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.1

CVE-2020-7465 [CRITICAL] CWE-787 CVE-2020-7465: The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).

CVE-2020-7466 [HIGH] CWE-125 CVE-2020-7466: The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition.

CVE-2020-8430 [MEDIUM] CWE-601 CVE-2020-8430: Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerabi Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string.

CVE-2018-20850 [HIGH] CWE-79 CVE-2018-20850: Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the comman Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.