CVE-2023-41166

An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands.
References
Link Resource
https://advisories.stormshield.eu/2023-027 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*

History

29 Dec 2023, 16:54

Type Values Removed Values Added
CPE cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
References () https://advisories.stormshield.eu/2023-027 - () https://advisories.stormshield.eu/2023-027 - Vendor Advisory

21 Dec 2023, 02:24

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-21 00:15

Updated : 2024-02-05 00:22


NVD link : CVE-2023-41166

Mitre link : CVE-2023-41166

CVE.ORG link : CVE-2023-41166


JSON object : View

Products Affected

stormshield

  • stormshield_network_security