Lucene search

[email protected]NVD:CVE-2023-41166

HistoryDec 21, 2023 - 12:15 a.m.

CVE-2023-41166

2023-12-2100:15:25

[email protected]

web.nvd.nist.gov

cve-2023-41166

sns firewall

remote access commands

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It’s possible to know if a specific user account exists on the SNS firewall by using remote access commands.

Affected configurations

NVD

Node

stormshieldstormshield_network_securityRange3.7.0–3.7.39

stormshieldstormshield_network_securityRange3.11.0–3.11.27

stormshieldstormshield_network_securityRange4.3.0–4.3.23

stormshieldstormshield_network_securityRange4.6.0–4.6.10

stormshieldstormshield_network_securityRange4.7.0–4.7.2

References

advisories.stormshield.eu/2023-027

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for NVD:CVE-2023-41166

cvelist1 cve1 prion1