Search criteria
16 vulnerabilities found for N/A by Stormshield
CERTFR-2024-AVI-0452
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans StormShield SSL VPN Client. Elles permettent à un attaquant de provoquer une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | N/A | SSL VPN Client versions antérieures à 3.2.4 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SSL VPN Client versions ant\u00e9rieures \u00e0 3.2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27903"
},
{
"name": "CVE-2024-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27459"
},
{
"name": "CVE-2024-24974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24974"
},
{
"name": "CVE-2024-1305",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1305"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0452",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-30T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans StormShield SSL VPN Client. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans StormShield SSL VPN Client",
"vendor_advisories": [
{
"published_at": "2024-05-29",
"title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-014",
"url": "https://advisories.stormshield.eu/2024-014"
}
]
}
CERTFR-2023-AVI-0494
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Stormshield Endpoint Security. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données
.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | N/A | Stormshield Endpoint Security versions 2.x antérieures à 2.4.3 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Endpoint Security versions 2.x ant\u00e9rieures \u00e0 2.4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-35800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35800"
},
{
"name": "CVE-2023-35799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35799"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0494",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield\nEndpoint Security. Elles permettent \u00e0 un attaquant de provoquer un\ncontournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es\n\n.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Endpoint Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2023-021 du 26 juin 2023",
"url": "https://advisories.stormshield.eu/2023-021/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2023-02 du 26 juin 2023",
"url": "https://advisories.stormshield.eu/2023-022/"
}
]
}
CERTFR-2023-AVI-0486
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans StormShield Endpoint Security. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | N/A | StormShield Endpoint Security versions antérieures à 7.2.40 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "StormShield Endpoint Security versions ant\u00e9rieures \u00e0 7.2.40",
"product": {
"name": "N/A",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0486",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans\u003cspan class=\"textit\"\u003e StormShield\nEndpoint Security\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans StormShield Endpoint Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-012 du 22 juin 2023",
"url": "https://advisories.stormshield.eu/4635/"
}
]
}
CERTFR-2023-AVI-0415
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Stormshield Endpoint Security. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | N/A | Stormshield Endpoint Security versions 2.3.x antérieures à 2.4.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Endpoint Security versions 2.3.x ant\u00e9rieures \u00e0 2.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-23562",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23562"
},
{
"name": "CVE-2023-23561",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23561"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0415",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield\nEndpoint Security. Elles permettent \u00e0 un attaquant de provoquer une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Endpoint Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-002 du 25 mai 2023",
"url": "https://advisories.stormshield.eu/2023-002/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-001 du 25 mai 2023",
"url": "https://advisories.stormshield.eu/2023-001/"
}
]
}
CERTFR-2023-AVI-0165
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans StormShield SSLVPN. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | N/A | StormShield SSLVPN versions antérieures à 3.2.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "StormShield SSLVPN versions ant\u00e9rieures \u00e0 3.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0165",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eStormShield\nSSLVPN\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans StormShield SSLVPN",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-011 du 23 f\u00e9vrier 2023",
"url": "https://advisories.stormshield.eu/2023-011/"
}
]
}
CERTFR-2023-AVI-0064
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Stormshield SSL VPN Client. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | N/A | SSLVPN Client versions antérieures à 3.2.0 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SSLVPN Client versions ant\u00e9rieures \u00e0 3.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-46782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46782"
},
{
"name": "CVE-2022-46783",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46783"
},
{
"name": "CVE-2022-46893",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46893"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0064",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-01-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield SSL VPN\nClient. Elles permettent \u00e0 un attaquant de provoquer un contournement de\nla politique de s\u00e9curit\u00e9, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es\net une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield SSL VPN Client",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2022-029 du 26 janvier 2023",
"url": "https://advisories.stormshield.eu/2022-029/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2021-028 du 26 janvier 2023",
"url": "https://advisories.stormshield.eu/2021-028/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2022-028 du 26 janvier 2023",
"url": "https://advisories.stormshield.eu/2022-028/"
}
]
}
CERTFR-2022-AVI-319
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Stormshield Endpoint Security. Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | N/A | Stormshield Endpoint Security versions antérieures à 7.2.37 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Endpoint Security versions ant\u00e9rieures \u00e0 7.2.37",
"product": {
"name": "N/A",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-319",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Endpoint Security.\nElle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Endpoint Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-007 du 7 avril 2022",
"url": "https://advisories.stormshield.eu/2022-007/"
}
]
}
CERTFR-2021-AVI-977
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Stormshield Endpoint Security. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | N/A | Stormshield Endpoint Security versions 2.x antérieures à 2.1.2 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Endpoint Security versions 2.x ant\u00e9rieures \u00e0 2.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45091",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45091"
},
{
"name": "CVE-2021-45090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45090"
},
{
"name": "CVE-2021-45089",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45089"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-977",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield\nEndpoint Security. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Endpoint Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-071 du 21 d\u00e9cembre 2021",
"url": "https://advisories.stormshield.eu/2021-071/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-072 du 21 d\u00e9cembre 2021",
"url": "https://advisories.stormshield.eu/2021-072/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-070 du 21 d\u00e9cembre 2021",
"url": "https://advisories.stormshield.eu/2021-070/"
}
]
}
CERTFR-2021-AVI-515
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Stormshield Endpoint Security. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | N/A | Stormshield Endpoint Security versions 2.0.x antérieures à 2.1.0 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Endpoint Security versions 2.0.x ant\u00e9rieures \u00e0 2.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-31225",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31225"
},
{
"name": "CVE-2021-31220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31220"
},
{
"name": "CVE-2021-31224",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31224"
},
{
"name": "CVE-2021-31223",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31223"
},
{
"name": "CVE-2021-31222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31222"
},
{
"name": "CVE-2021-31221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31221"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-515",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield\nEndpoint Security. Elles permettent \u00e0 un attaquant de provoquer un\ncontournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Endpoint Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-022 du 12 juillet 2021",
"url": "https://advisories.stormshield.eu/2021-022/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-023 du 12 juillet 2021",
"url": "https://advisories.stormshield.eu/2021-023/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-027 du 12 juillet 2021",
"url": "https://advisories.stormshield.eu/2021-027/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-025 du 12 juillet 2021",
"url": "https://advisories.stormshield.eu/2021-025/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-026 du 12 juillet 2021",
"url": "https://advisories.stormshield.eu/2021-026/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-024 du 12 juillet 2021",
"url": "https://advisories.stormshield.eu/2021-024/"
}
]
}
CERTFR-2021-AVI-415
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Stormshield. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.2.1 antérieures à 4.2.2 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.x.x antérieures à 3.7.20 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.1.5 antérieures à 4.1.6 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.8.x antérieures à 3.11.8 | ||
| Stormshield | N/A | Netasq versions 9.1.0 et 9.1.11 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 4.2.1 ant\u00e9rieures \u00e0 4.2.2",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.x.x ant\u00e9rieures \u00e0 3.7.20",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.1.5 ant\u00e9rieures \u00e0 4.1.6",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.8.x ant\u00e9rieures \u00e0 3.11.8",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Netasq versions 9.1.0 et 9.1.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-1405",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1405"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2021-1404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1404"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-415",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-05-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nStormshield. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Stormshield",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2021-033 du 27 mai 2021",
"url": "https://advisories.stormshield.eu/2021-033/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2021-017 du 27 mai 2021",
"url": "https://advisories.stormshield.eu/2021-017/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2021-009 du 27 mai 2021",
"url": "https://advisories.stormshield.eu/2021-009/"
}
]
}
CERTFR-2021-AVI-388
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Stormshield Endpoint Security. Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | N/A | Stormshield Endpoint Security versions 7.2.x antérieures à 7.2.34 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Endpoint Security versions 7.2.x ant\u00e9rieures \u00e0 7.2.34",
"product": {
"name": "N/A",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-388",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-05-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Endpoint Security.\nElle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Endpoint Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2021-008 du 17 mai 2021",
"url": "https://advisories.stormshield.eu/2408/"
}
]
}
CERTFR-2021-AVI-341
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Stormshield. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 2.0.0 à 2.7.9 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security version 4.2.1 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.0.0 à 3.7.19 antérieures à 3.7.20 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.0.0 à 4.1.5 antérieures à 4.1.6 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security SSOAgent versions 3.x antérieures à 3.0.1 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.8.0 à 3.11.7 antérieures à 3.11.8 | ||
| Stormshield | N/A | Netasq version 9.1.10 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 2.8.0 à 2.16.0 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 2.0.0 \u00e0 2.7.9",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security version 4.2.1",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.0.0 \u00e0 3.7.19 ant\u00e9rieures \u00e0 3.7.20",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.0.0 \u00e0 4.1.5 ant\u00e9rieures \u00e0 4.1.6",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security SSOAgent versions 3.x ant\u00e9rieures \u00e0 3.0.1",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.8.0 \u00e0 3.11.7 ant\u00e9rieures \u00e0 3.11.8",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Netasq version 9.1.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 2.8.0 \u00e0 2.16.0",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-36230",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36230"
},
{
"name": "CVE-2020-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36221"
},
{
"name": "CVE-2020-36225",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36225"
},
{
"name": "CVE-2020-36224",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36224"
},
{
"name": "CVE-2020-36228",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36228"
},
{
"name": "CVE-2020-36227",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36227"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2020-36223",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36223"
},
{
"name": "CVE-2021-28665",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28665"
},
{
"name": "CVE-2020-36229",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36229"
},
{
"name": "CVE-2020-36226",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36226"
},
{
"name": "CVE-2020-36222",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36222"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-341",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-05-05T00:00:00.000000"
},
{
"description": "coorection des identifiants de CVE",
"revision_date": "2021-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nStormshield. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s les produits Stormshield",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-014 du 5 mai 2021",
"url": "https://advisories.stormshield.eu/2021-014/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-018 du 5 mai 2021",
"url": "https://advisories.stormshield.eu/2021-018/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-010 du 5 mai 2021",
"url": "https://advisories.stormshield.eu/2021-010/"
}
]
}
CERTFR-2021-AVI-065
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Stormshield. Elles permettent à un attaquant de provoquer un déni de service à distance.
Cet avis remplace l'avis CERTFR-2021-AVI-051 suite à la suppression et la modification des bulletins de sécurité de l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.x antérieures à 3.7.15 ou 3.11.3 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 2.x | ||
| Stormshield | N/A | Netasq versions 9.0.9 à 9.10.10 | ||
| Stormshield | Stormshield Management Center | Stormshield Management Center versions antérieures à 2.8.1 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.x antérieures à 4.1.3 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 3.x ant\u00e9rieures \u00e0 3.7.15 ou 3.11.3",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 2.x",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Netasq versions 9.0.9 \u00e0 9.10.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Management Center versions ant\u00e9rieures \u00e0 2.8.1",
"product": {
"name": "Stormshield Management Center",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.x ant\u00e9rieures \u00e0 4.1.3",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-7469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7469"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2020-8265",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8265"
},
{
"name": "CVE-2020-8277",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8277"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-065",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-01-28T00:00:00.000000"
},
{
"description": "correction \u00e9diteur pour versions SMC affect\u00e9es",
"revision_date": "2021-01-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nStormshield. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance.\n\n\u003cstrong\u003eCet avis remplace l\u0027avis CERTFR-2021-AVI-051 suite \u00e0 la suppression et\nla modification des bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur.\u003c/strong\u003e\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Stormshield",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2020-062 du 21 janvier 2021",
"url": "https://advisories.stormshield.eu/2020-062/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2020-060 du 21 janvier 2021",
"url": "https://advisories.stormshield.eu/2020-060/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2020-035 du 18 d\u00e9cembre 2020",
"url": "https://advisories.stormshield.eu/2020-035/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2020-034 du 18 d\u00e9cembre 2020",
"url": "https://advisories.stormshield.eu/2020-034/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2020-061 du 21 janvier 2021",
"url": "https://advisories.stormshield.eu/2020-061/"
}
]
}
CERTFR-2021-AVI-051
Vulnerability from certfr_avis - Published: - Updated:
Cet avis est remplacé par l'avis CERTFR-2021-AVI-065 suite à des modifications et des suppressions dans les bulletins de sécurité de l'éditeur.
De multiples vulnérabilités ont été découvertes dans les produits Stormshield. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.x antérieures à 3.7.15 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 2.x à 2.7.7 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.8.x et supérieures antérieures à 3.11.3 | ||
| Stormshield | N/A | Netasq versions 9.0.9 à 9.10.10 | ||
| Stormshield | N/A | SMC versions 2.8 à 3.0 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.x antérieures à 4.1.3 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 3.x ant\u00e9rieures \u00e0 3.7.15",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 2.x \u00e0 2.7.7",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.8.x et sup\u00e9rieures ant\u00e9rieures \u00e0 3.11.3",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Netasq versions 9.0.9 \u00e0 9.10.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "SMC versions 2.8 \u00e0 3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.x ant\u00e9rieures \u00e0 4.1.3",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-7469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7469"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2020-8265",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8265"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-051",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-01-21T00:00:00.000000"
},
{
"description": "Avis d\u00e9clar\u00e9 obsol\u00e8te",
"revision_date": "2021-01-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "\u003cstrong\u003eCet avis est remplac\u00e9 par l\u0027avis CERTFR-2021-AVI-065 suite \u00e0 des\nmodifications et des suppressions dans les bulletins de s\u00e9curit\u00e9 de\nl\u0027\u00e9diteur.\u003c/strong\u003e\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nStormshield. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Stormshield",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2020-036 du 18 d\u00e9cembre 2020",
"url": "https://advisories.stormshield.eu/2020-036/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2020-034 du 18 d\u00e9cembre 2020",
"url": "https://advisories.stormshield.eu/2020-034/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2020-035 du 18 d\u00e9cembre 2020",
"url": "https://advisories.stormshield.eu/2020-035/"
}
]
}
CERTFR-2020-AVI-618
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Stormshield. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security (SNS) versions antérieures à 4.1.1. Cette version est la seule qui corrige toutes les vulnérabilités mentionnées dans les avis Stormshield dont les liens sont présentés ici. Nous invitons nos lecteurs à faire leur propre analyse de risque quant au choix de la version qui correspond le mieux à leurs besoins. | ||
| Stormshield | N/A | Netasq versions 9.x |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security (SNS) versions ant\u00e9rieures \u00e0 4.1.1. Cette version est la seule qui corrige toutes les vuln\u00e9rabilit\u00e9s mentionn\u00e9es dans les avis Stormshield dont les liens sont pr\u00e9sent\u00e9s ici. Nous invitons nos lecteurs \u00e0 faire leur propre analyse de risque quant au choix de la version qui correspond le mieux \u00e0 leurs besoins.",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Netasq versions 9.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-11139",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11139"
},
{
"name": "CVE-2019-0117",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0117"
},
{
"name": "CVE-2019-11157",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11157"
},
{
"name": "CVE-2020-0549",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
},
{
"name": "CVE-2016-8858",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8858"
},
{
"name": "CVE-2020-11711",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11711"
},
{
"name": "CVE-2019-14607",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14607"
},
{
"name": "CVE-2018-12207",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
},
{
"name": "CVE-2019-0184",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0184"
},
{
"name": "CVE-2019-0123",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0123"
},
{
"name": "CVE-2020-0548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-618",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nStormshield. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Stormshield",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2020-013 du 17 septembre 2020",
"url": "https://advisories.stormshield.eu/2020-013/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2020-012 du 17 septembre 2020",
"url": "https://advisories.stormshield.eu/2020-012/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2019-013 du 17 septembre 2020",
"url": "https://advisories.stormshield.eu/2019-013/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2019-026 du 17 septembre 2020",
"url": "https://advisories.stormshield.eu/2019-026/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2020-011 du 17 septembre 2020",
"url": "https://advisories.stormshield.eu/2020-011/"
}
]
}
CERTFR-2020-AVI-177
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Stormshield SMC. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | N/A | Stormshield SMC toutes versions antérieures à 2.6.4 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield SMC toutes versions ant\u00e9rieures \u00e0 2.6.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"links": [],
"reference": "CERTFR-2020-AVI-177",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-03-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield SMC.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield SMC",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2020-007 du 30 mars 2020",
"url": "https://advisories.stormshield.eu/2020-007/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2020-006 du 30 mars 2020",
"url": "https://advisories.stormshield.eu/2020-006/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2020-008 du 30 mars 2020",
"url": "https://advisories.stormshield.eu/2020-008/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2020-009 du 30 mars 2020",
"url": "https://advisories.stormshield.eu/2020-009/"
}
]
}