Stormshield Network Security (SNS) 2.5.0

CPE Details

Stormshield Network Security (SNS) 2.5.0
stormshield
stormshield_network_security
2.5.0
2019-07-08
10h49 +00:00
2024-08-20
12h58 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:stormshield:stormshield_network_security:2.5.0:*:*:*:*:*:*:*

Informations

Vendor

stormshield

Product

stormshield_network_security

Version

2.5.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-34198 2023-12-24 23h00 +00:00 In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 before 3.11.25, 4.0.0 through 4.3.18 before 4.3.19, 4.4.0 through 4.6.5 before 4.6.6, and 4.7.0 before 4.7.1, the usage of a Network object created from an inactive DHCP interface in the filtering slot results in the usage of an object of the :any" type, which may have unexpected results for access control.
7.3
High
CVE-2021-31814 2022-02-10 15h28 +00:00 In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client.
6.1
Medium
CVE-2021-37613 2022-02-10 15h19 +00:00 Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service.
6.5
Medium
CVE-2021-31617 2022-01-31 14h16 +00:00 In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution.
9.8
Critical
CVE-2021-28962 2022-01-31 12h50 +00:00 Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.
7.2
High
CVE-2021-28096 2022-01-27 13h00 +00:00 An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections.
5.3
Medium
CVE-2021-28127 2021-07-01 12h01 +00:00 An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur.
7.5
High
CVE-2021-27506 2021-03-19 13h28 +00:00 The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.
5.5
Medium
CVE-2021-3384 2021-03-02 16h08 +00:00 A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0.
5.3
Medium
CVE-2018-20850 2019-07-04 11h16 +00:00 Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.
8.2
High