Lucene search

[email protected]CVE-2021-28127

HistoryJul 01, 2021 - 3:15 p.m.

CVE-2021-28127

2021-07-0115:15:08

CWE-307

[email protected]

web.nvd.nist.gov

stormshield

sns

cve-2021-28127

brute-force attack

security issue

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

55.1%

JSON

An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur.

Affected configurations

NVD

Node

stormshieldstormshield_network_securityRange2.0.0–2.7.9

stormshieldstormshield_network_securityRange2.8.0–2.16.0

stormshieldstormshield_network_securityRange3.0.0–3.7.19

stormshieldstormshield_network_securityRange3.8.0–3.11.7

stormshieldstormshield_network_securityRange4.0.0–4.1.5

stormshieldstormshield_network_securityMatch4.2.1

CPENameOperatorVersion
stormshield:stormshield_network_securitystormshield stormshield network securityle2.7.9
stormshield:stormshield_network_securitystormshield stormshield network securityle2.16.0
stormshield:stormshield_network_securitystormshield stormshield network securityle3.7.19
stormshield:stormshield_network_securitystormshield stormshield network securityle3.11.7
stormshield:stormshield_network_securitystormshield stormshield network securityle4.1.5
stormshield:stormshield_network_securitystormshield stormshield network securityeq4.2.1

CPE	Name	Operator	Version
stormshield:stormshield_network_security	stormshield stormshield network security	le	2.7.9
stormshield:stormshield_network_security	stormshield stormshield network security	le	2.16.0
stormshield:stormshield_network_security	stormshield stormshield network security	le	3.7.19
stormshield:stormshield_network_security	stormshield stormshield network security	le	3.11.7
stormshield:stormshield_network_security	stormshield stormshield network security	le	4.1.5
stormshield:stormshield_network_security	stormshield stormshield network security	eq	4.2.1

References

advisories.stormshield.eu

advisories.stormshield.eu/2021-006

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

55.1%

JSON

Related for CVE-2021-28127

prion1 cvelist1 nvd1