Stormshield Network Security Security Vulnerabilities
An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ...
6.5CVSS
7.2AI Score
0.0004EPSS
An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access...
5.3CVSS
7.4AI Score
0.0005EPSS
An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible....
4.8CVSS
6.1AI Score
0.001EPSS
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for...
7.5CVSS
7.2AI Score
0.002EPSS
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call...
9.8CVSS
9.8AI Score
0.003EPSS
6.5CVSS
6.5AI Score
0.001EPSS
In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL...
6.1CVSS
6.1AI Score
0.0004EPSS
Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability...
5.8CVSS
5.7AI Score
0.001EPSS
An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new...
5.3CVSS
5.3AI Score
0.001EPSS
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU...
7.5CVSS
7.5AI Score
0.01EPSS
An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can...
7.5CVSS
7.5AI Score
0.002EPSS
The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service...
7.5CVSS
7.8AI Score
0.002EPSS
The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory...
9.8CVSS
9.7AI Score
0.012EPSS
Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query...
6.1CVSS
7.4AI Score
0.002EPSS
Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web...
8.2CVSS
7.5AI Score
0.0004EPSS