Network Security (SNS)
by Stormshield
CVEs (21)
| CVE | Vendor / Product | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-31617 | | Critical | 0.64 | 9.8 | 0.02 | | Jan 31, 2022 | In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution. |
| CVE-2021-27932 | | High | 0.51 | 7.8 | 0.00 | | Aug 25, 2023 | Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions. |
| CVE-2023-28616 | | High | 0.49 | 7.5 | 0.00 | | Dec 26, 2023 | An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and… |
| CVE-2023-26095 | | High | 0.49 | 7.5 | 0.01 | | Aug 28, 2023 | ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a crafted SIP packet. |
| CVE-2022-30279 | | High | 0.49 | 7.5 | 0.01 | | May 12, 2022 | An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus… |
| CVE-2022-23989 | | High | 0.49 | 7.5 | 0.01 | | Mar 15, 2022 | In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all… |
| CVE-2021-45885 | | High | 0.49 | 7.5 | 0.01 | | Dec 29, 2021 | An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password. |
| CVE-2025-27829 | | High | 0.47 | 7.3 | 0.00 | | Apr 1, 2025 | An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.35. If multicast streams are enabled on different interfaces, it may be possible to interrupt multicast traffic on some of these interfaces. That could result in a denial of the multicast routing… |
| CVE-2023-34198 | | High | 0.47 | 7.3 | 0.01 | | Feb 29, 2024 | In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 before 3.11.25, 4.0.0 through 4.3.18 before 4.3.19, 4.4.0 through 4.6.5 before 4.6.6, and 4.7.0 before 4.7.1, the usage of a Network object created from an inactive DHCP interface in… |
| CVE-2021-28962 | | High | 0.47 | 7.2 | 0.01 | | Jan 31, 2022 | Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. |
| CVE-2023-47093 | | Medium | 0.42 | 6.5 | 0.00 | | Dec 21, 2023 | An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine. |
| CVE-2021-37613 | | Medium | 0.42 | 6.5 | 0.00 | | Feb 10, 2022 | Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. |
| CVE-2020-8430 | | Medium | 0.40 | 6.1 | 0.01 | | Apr 13, 2020 | Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string. |
| CVE-2021-3398 | | Medium | 0.38 | 5.8 | 0.01 | | Feb 10, 2022 | Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. |
| CVE-2021-27506 | | Medium | 0.36 | 5.5 | 0.01 | | Mar 19, 2021 | The ClamAV Engine (version 0.103.1 and below) component embedded in Stormshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affects Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19,… |
| CVE-2021-3384 | | Medium | 0.35 | 5.3 | 0.01 | | Mar 2, 2021 | A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system from contacting new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to… |
| CVE-2023-41166 | | Medium | 0.34 | 5.3 | 0.00 | | Dec 21, 2023 | An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access… |
| CVE-2023-41165 | | Medium | 0.31 | 4.8 | 0.00 | | Feb 29, 2024 | An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a… |
| CVE-2024-37386 | | Medium | 0.27 | 4.2 | 0.00 | | Jul 15, 2024 | An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0. Certain manipulations allow restarting in single-user mode despite the activation of secure boot. The following versions fix this: 4.3.27, 4.7.6, and 4.8.2. |
| CVE-2024-31946 | | Medium | 0.27 | 4.2 | 0.00 | | Jul 15, 2024 | An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.41, 3.10.0 through 3.11.29, 4.0 through 4.3.24, and 4.4.0 through 4.7.4. A user who has access to the SNS with write access on the email alerts page has the ability to create alert email containing… |