Filtered by vendor Stormshield
Subscribe
Search
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-20001 | 6 Balasys, F5, Hpe and 3 more | 49 Dheater, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 46 more | 2024-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. | |||||
| CVE-2023-28616 | 1 Stormshield | 1 Network Security | 2024-01-04 | N/A | 7.5 HIGH |
| An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component. | |||||
| CVE-2023-47091 | 1 Stormshield | 1 Network Security | 2024-01-04 | N/A | 7.5 HIGH |
| An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible. | |||||
| CVE-2023-41166 | 1 Stormshield | 1 Stormshield Network Security | 2023-12-29 | N/A | 5.3 MEDIUM |
| An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands. | |||||
| CVE-2023-47093 | 1 Stormshield | 1 Stormshield Network Security | 2023-12-29 | N/A | 6.5 MEDIUM |
| An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine. | |||||
| CVE-2022-46782 | 1 Stormshield | 1 Ssl Vpn Client | 2023-08-09 | N/A | 7.8 HIGH |
| An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine. | |||||
| CVE-2022-4304 | 2 Openssl, Stormshield | 4 Openssl, Endpoint Security, Sslvpn and 1 more | 2023-08-08 | N/A | 5.9 MEDIUM |
| A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. | |||||
| CVE-2022-27812 | 1 Stormshield | 1 Network Security | 2023-08-08 | N/A | 7.5 HIGH |
| Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS. | |||||
| CVE-2021-31814 | 1 Stormshield | 1 Stormshield Network Security | 2023-08-08 | 3.6 LOW | 6.1 MEDIUM |
| In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client. | |||||
| CVE-2021-45089 | 1 Stormshield | 1 Endpoint Security | 2022-07-12 | 2.3 LOW | 5.2 MEDIUM |
| Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control. | |||||
| CVE-2021-28665 | 1 Stormshield | 1 Network Security | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service. | |||||
| CVE-2021-28962 | 1 Stormshield | 1 Network Security | 2022-07-12 | 6.5 MEDIUM | 7.2 HIGH |
| Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. | |||||
| CVE-2021-45091 | 1 Stormshield | 1 Endpoint Security | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control. | |||||
| CVE-2021-27506 | 3 Clamav, Netasq Project, Stormshield | 3 Clamav, Netasq, Network Security | 2022-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1. | |||||
| CVE-2022-30279 | 1 Stormshield | 1 Network Security | 2022-05-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash. | |||||
| CVE-2021-3398 | 1 Stormshield | 1 Stormshield Network Security | 2022-02-23 | 5.0 MEDIUM | 5.8 MEDIUM |
| Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. | |||||
| CVE-2021-37613 | 1 Stormshield | 1 Stormshield Network Security | 2022-02-17 | 2.9 LOW | 6.5 MEDIUM |
| Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. | |||||
| CVE-2021-31617 | 1 Stormshield | 1 Network Security | 2022-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution. | |||||
| CVE-2021-28096 | 1 Stormshield | 1 Stormshield Network Security | 2022-02-04 | 4.3 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections. | |||||
| CVE-2022-22703 | 2 Microsoft, Stormshield | 2 Windows, Network Security | 2022-01-24 | 2.1 LOW | 5.5 MEDIUM |
| In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer. | |||||
| CVE-2021-45885 | 1 Stormshield | 1 Network Security | 2022-01-11 | 4.3 MEDIUM | 7.5 HIGH |
| An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password. | |||||
| CVE-2021-45090 | 1 Stormshield | 1 Endpoint Security | 2022-01-05 | 10.0 HIGH | 9.8 CRITICAL |
| Stormshield Endpoint Security before 2.1.2 allows remote code execution. | |||||
| CVE-2021-28127 | 1 Stormshield | 1 Stormshield Network Security | 2021-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. | |||||
| CVE-2020-8430 | 1 Stormshield | 1 Stormshield Network Security | 2021-06-22 | 5.8 MEDIUM | 6.1 MEDIUM |
| Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string. | |||||
| CVE-2021-3384 | 1 Stormshield | 1 Network Security | 2021-03-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0. | |||||
| CVE-2018-20850 | 1 Stormshield | 1 Stormshield Network Security | 2019-07-08 | 7.2 HIGH | 8.2 HIGH |
| Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server. | |||||