CVE-2021-45885
Description
In Stormshield Network Security 4.2.2–4.2.7, the first SSH password change after an update-migration does not clear the old password, leaving it accessible.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In Stormshield Network Security 4.2.2–4.2.7, the first SSH password change after an update-migration does not clear the old password, leaving it accessible.
Vulnerability
In Stormshield Network Security (SNS) versions 4.2.2 through 4.2.7, during a specific update migration scenario (migrating from versions ≤ 4.1.8 to 4.2.2–4.2.7), the first SSH password change does not properly clear the old password from the secret repository [1]. This affects only the first occurrence of a password change after the migration; subsequent changes behave correctly. The issue is fixed in SNS 4.2.8 [1].
Exploitation
An attacker with adjacent network access and no privileges or user interaction required can exploit this vulnerability [1]. The attack vector is adjacent network, and the attack complexity is low. No authentication is needed initially, but the attacker must be able to access the stored old password in the secret repository to leverage it [1].
Impact
Successful exploitation leads to confidentiality, integrity, and availability impacts all rated as high, with a CVSS v3.1 base score of 9.6 (AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) [1]. The scope is changed, meaning the compromised component impacts resources beyond its original authorization. An attacker can obtain the old SSH password and potentially gain unauthorized access to the system, escalate privileges, or disrupt services.
Mitigation
The vulnerability is fixed in Stormshield Network Security version 4.2.8, released on an unknown date [1]. As a workaround, administrators can manually clean up the specific secret repository on the SNS; details are available in Stormshield's knowledge base [1]. There is no indication of this vulnerability being listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Stormshield/Network Securitydescription
- Range: >=4.2.2 <=4.2.7
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Under a specific update-migration scenario, the first SSH password change does not properly clear the old password from the secret repository."
Attack vector
An attacker on an adjacent network can exploit this flaw without authentication or user interaction [ref_id=1]. After a migration from SNS <= 4.1.8 to a vulnerable version (4.2.2–4.2.7), the first SSH password change does not properly clear the previous password. An attacker who obtains the old password (e.g., through a separate compromise or credential leak) can still authenticate with it because the old secret remains in the repository.
Affected code
The advisory [ref_id=1] does not name specific functions or files. It states the vulnerability occurs during the first SSH password change after migrating from SNS versions <= 4.1.8 to versions 4.2.2 through 4.2.7. The flaw resides in the password-change routine that fails to clear the old password from a "specific secret repository."
What the fix does
The advisory [ref_id=1] states that version 4.2.8 fixes the vulnerability. No patch diff is provided. The recommended workaround is to manually clean the specific secret repository on the SNS appliance using a procedure from the vendor's knowledge base. The fix ensures that the old SSH password is properly cleared during the first password change after migration.
Preconditions
- configThe SNS appliance must have been migrated from a version <= 4.1.8 to a version between 4.2.2 and 4.2.7 inclusive.
- networkThe attacker must be on an adjacent network to the SNS appliance.
- inputThe first SSH password change after migration must have occurred, leaving the old password uncleared.
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2- advisories.stormshield.eumitrex_refsource_MISC
- advisories.stormshield.eu/2021-069/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.