Design/Logic Flaw

2023-12-2100:15:00

PRIOn knowledge base

www.prio-n.com

stormshield network security

sns

version 3.7.0

version 3.7.39

version 3.11.27

version 4.7.1

user accounts

remote access commands

design flaw

logic flaw

7.2 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.0%

JSON

An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It’s possible to know if a specific user account exists on the SNS firewall by using remote access commands.

CPENameOperatorVersion
stormshield_network_securityge4.7.0
stormshield_network_securitylt4.7.2
stormshield_network_securityge4.6.0
stormshield_network_securitylt4.6.10
stormshield_network_securityge4.3.0
stormshield_network_securitylt4.3.23
stormshield_network_securityge3.11.0
stormshield_network_securityle3.11.27
stormshield_network_securityge3.7.0
stormshield_network_securityle3.7.39

Name	Operator	Version
stormshield_network_security	ge	4.7.0
stormshield_network_security	lt	4.7.2
stormshield_network_security	ge	4.6.0
stormshield_network_security	lt	4.6.10
stormshield_network_security	ge	4.3.0
stormshield_network_security	lt	4.3.23
stormshield_network_security	ge	3.11.0
stormshield_network_security	le	3.11.27
stormshield_network_security	ge	3.7.0
stormshield_network_security	le	3.7.39

References

advisories.stormshield.eu/2023-027