All the vulnerabilites related to stormshield - stormshield_network_security
cve-2023-41166
Vulnerability from cvelistv5
Published
2023-12-20 00:00
Modified
2024-11-26 16:19
Severity ?
EPSS score ?
Summary
An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:54:03.477Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://advisories.stormshield.eu/2023-027" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-41166", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-01-09T15:54:16.954203Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-26T16:19:52.613Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It\u0027s possible to know if a specific user account exists on the SNS firewall by using remote access commands." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-20T23:09:03.052828", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://advisories.stormshield.eu/2023-027" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-41166", "datePublished": "2023-12-20T00:00:00", "dateReserved": "2023-08-24T00:00:00", "dateUpdated": "2024-11-26T16:19:52.613Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47093
Vulnerability from cvelistv5
Published
2023-12-20 00:00
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.657Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://advisories.stormshield.eu/2023-031/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-20T23:17:07.110881", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://advisories.stormshield.eu/2023-031/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-47093", "datePublished": "2023-12-20T00:00:00", "dateReserved": "2023-10-30T00:00:00", "dateUpdated": "2024-08-02T21:01:22.657Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-31617
Vulnerability from cvelistv5
Published
2022-01-31 15:16
Modified
2024-08-03 23:03
Severity ?
EPSS score ?
Summary
In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution.
References
▼ | URL | Tags |
---|---|---|
https://advisories.stormshield.eu/ | x_refsource_MISC | |
https://advisories.stormshield.eu/2021-020/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:03:33.629Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://advisories.stormshield.eu/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://advisories.stormshield.eu/2021-020/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-31T15:16:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://advisories.stormshield.eu/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://advisories.stormshield.eu/2021-020/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31617", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://advisories.stormshield.eu/", "refsource": "MISC", "url": "https://advisories.stormshield.eu/" }, { "name": "https://advisories.stormshield.eu/2021-020/", "refsource": "MISC", "url": "https://advisories.stormshield.eu/2021-020/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31617", "datePublished": "2022-01-31T15:16:46", "dateReserved": "2021-04-23T00:00:00", "dateUpdated": "2024-08-03T23:03:33.629Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-7466
Vulnerability from cvelistv5
Published
2020-10-06 13:43
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition.
References
▼ | URL | Tags |
---|---|---|
https://sourceforge.net/p/mpd/svn/2374/ | x_refsource_MISC | |
https://sourceforge.net/p/mpd/bugs/69/ | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | MPD: FreeBSD PPP daemon |
Version: All versions prior to version 5.9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:33:18.519Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceforge.net/p/mpd/svn/2374/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceforge.net/p/mpd/bugs/69/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MPD: FreeBSD PPP daemon", "vendor": "n/a", "versions": [ { "status": "affected", "version": "All versions prior to version 5.9" } ] } ], "descriptions": [ { "lang": "en", "value": "The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-06T13:43:31", "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://sourceforge.net/p/mpd/svn/2374/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://sourceforge.net/p/mpd/bugs/69/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secteam@freebsd.org", "ID": "CVE-2020-7466", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MPD: FreeBSD PPP daemon", "version": { "version_data": [ { "version_value": "All versions prior to version 5.9" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://sourceforge.net/p/mpd/svn/2374/", "refsource": "MISC", "url": "https://sourceforge.net/p/mpd/svn/2374/" }, { "name": "https://sourceforge.net/p/mpd/bugs/69/", "refsource": "MISC", "url": "https://sourceforge.net/p/mpd/bugs/69/" } ] } } } }, "cveMetadata": { "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "assignerShortName": "freebsd", "cveId": "CVE-2020-7466", "datePublished": "2020-10-06T13:43:31", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:33:18.519Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26095
Vulnerability from cvelistv5
Published
2023-08-28 00:00
Modified
2024-10-02 17:36
Severity ?
EPSS score ?
Summary
ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a crafted SIP packet.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:39:06.648Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://advisories.stormshield.eu/2023-007/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-26095", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-02T17:35:26.588290Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-02T17:36:09.360Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a crafted SIP packet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-28T11:20:06.557718", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://advisories.stormshield.eu/2023-007/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-26095", "datePublished": "2023-08-28T00:00:00", "dateReserved": "2023-02-20T00:00:00", "dateUpdated": "2024-10-02T17:36:09.360Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3398
Vulnerability from cvelistv5
Published
2022-02-10 16:13
Modified
2024-08-03 16:53
Severity ?
EPSS score ?
Summary
Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component.
References
▼ | URL | Tags |
---|---|---|
https://www.stormshield.com/category/alert/ | x_refsource_MISC | |
https://advisories.stormshield.eu/2021-001/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:53:17.618Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.stormshield.com/category/alert/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://advisories.stormshield.eu/2021-001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-10T16:13:24", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.stormshield.com/category/alert/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://advisories.stormshield.eu/2021-001/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-3398", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.stormshield.com/category/alert/", "refsource": "MISC", "url": "https://www.stormshield.com/category/alert/" }, { "name": "https://advisories.stormshield.eu/2021-001/", "refsource": "MISC", "url": "https://advisories.stormshield.eu/2021-001/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-3398", "datePublished": "2022-02-10T16:13:24", "dateReserved": "2021-02-03T00:00:00", "dateUpdated": "2024-08-03T16:53:17.618Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20850
Vulnerability from cvelistv5
Published
2019-07-04 13:16
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.
References
▼ | URL | Tags |
---|---|---|
https://advisories.stormshield.eu/2018-006/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.696Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://advisories.stormshield.eu/2018-006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-04T13:16:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://advisories.stormshield.eu/2018-006/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20850", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://advisories.stormshield.eu/2018-006/", "refsource": "MISC", "url": "https://advisories.stormshield.eu/2018-006/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20850", "datePublished": "2019-07-04T13:16:32", "dateReserved": "2019-07-04T00:00:00", "dateUpdated": "2024-08-05T12:12:29.696Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20032
Vulnerability from cvelistv5
Published
2023-02-16 15:24
Modified
2024-08-02 08:57
Severity ?
EPSS score ?
Summary
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:
A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code.
This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition.
For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"].
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Cisco | Cisco Secure Web Appliance |
Version: 11.7.0-406 Version: 11.7.0-418 Version: 11.7.1-049 Version: 11.7.1-006 Version: 11.7.1-020 Version: 11.7.2-011 Version: 11.8.0-414 Version: 11.8.1-023 Version: 11.8.3-018 Version: 11.8.3-021 Version: 12.0.1-268 Version: 12.0.3-007 Version: 12.5.2-007 Version: 12.5.1-011 Version: 12.5.4-005 Version: 12.5.5-004 Version: 14.5.0-498 Version: 14.0.3-014 Version: 14.0.2-012 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:57:35.875Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-clamav-q8DThCy", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Secure Web Appliance", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "11.7.0-406" }, { "status": "affected", "version": "11.7.0-418" }, { "status": "affected", "version": "11.7.1-049" }, { "status": "affected", "version": "11.7.1-006" }, { "status": "affected", "version": "11.7.1-020" }, { "status": "affected", "version": "11.7.2-011" }, { "status": "affected", "version": "11.8.0-414" }, { "status": "affected", "version": "11.8.1-023" }, { "status": "affected", "version": "11.8.3-018" }, { "status": "affected", "version": "11.8.3-021" }, { "status": "affected", "version": "12.0.1-268" }, { "status": "affected", "version": "12.0.3-007" }, { "status": "affected", "version": "12.5.2-007" }, { "status": "affected", "version": "12.5.1-011" }, { "status": "affected", "version": "12.5.4-005" }, { "status": "affected", "version": "12.5.5-004" }, { "status": "affected", "version": "14.5.0-498" }, { "status": "affected", "version": "14.0.3-014" }, { "status": "affected", "version": "14.0.2-012" } ] }, { "product": "Cisco Secure Endpoint", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "6.1.9" }, { "status": "affected", "version": "6.2.5" }, { "status": "affected", "version": "6.3.7" }, { "status": "affected", "version": "6.3.3" }, { "status": "affected", "version": "7.0.5" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "1.12.1" }, { "status": "affected", "version": "1.12.2" }, { "status": "affected", "version": "1.12.3" }, { "status": "affected", "version": "1.12.7" }, { "status": "affected", "version": "1.12.4" }, { "status": "affected", "version": "1.11.0" }, { "status": "affected", "version": "1.10.2" }, { "status": "affected", "version": "1.10.0" }, { "status": "affected", "version": "1.14.0" }, { "status": "affected", "version": "1.6.0" }, { "status": "affected", "version": "1.9.0" }, { "status": "affected", "version": "1.8.1" }, { "status": "affected", "version": "1.8.0" }, { "status": "affected", "version": "1.7.0" }, { "status": "affected", "version": "7.2.13" }, { "status": "affected", "version": "7.3.5" } ] }, { "product": "Cisco Secure Endpoint Private Cloud Administration Portal", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] } ], "descriptions": [ { "lang": "en", "value": "On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:\r\n\r \r A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code.\r\n\r \r This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition.\r\n\r For a description of this vulnerability, see the ClamAV blog [\"https://blog.clamav.net/\"]." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware that a proof-of-concept is available that demonstrates that this vulnerability can be used to cause a buffer overflow and subsequent process termination.\r\n\r\nAdditional technical information is also available that describes this vulnerability in detail.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T16:57:34.558Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-clamav-q8DThCy", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy" } ], "source": { "advisory": "cisco-sa-clamav-q8DThCy", "defects": [ "CSCwd74135", "CSCwd74134", "CSCwd74133", "CSCwe18204", "CSCwd74132" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20032", "datePublished": "2023-02-16T15:24:05.173Z", "dateReserved": "2022-10-27T18:47:50.315Z", "dateUpdated": "2024-08-02T08:57:35.875Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3384
Vulnerability from cvelistv5
Published
2021-03-02 17:08
Modified
2024-08-03 16:53
Severity ?
EPSS score ?
Summary
A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0.
References
▼ | URL | Tags |
---|---|---|
https://advisories.stormshield.eu/2020-049/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:53:17.510Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://advisories.stormshield.eu/2020-049/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-02T17:08:54", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://advisories.stormshield.eu/2020-049/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-3384", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://advisories.stormshield.eu/2020-049/", "refsource": "CONFIRM", "url": "https://advisories.stormshield.eu/2020-049/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-3384", "datePublished": "2021-03-02T17:08:54", "dateReserved": "2021-02-01T00:00:00", "dateUpdated": "2024-08-03T16:53:17.510Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-40617
Vulnerability from cvelistv5
Published
2022-10-31 00:00
Modified
2024-08-03 12:21
Severity ?
EPSS score ?
Summary
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:21:46.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-%28cve-2022-40617%29.html" }, { "name": "FEDORA-2022-525510c815", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker\u0027s control) that doesn\u0027t properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-14T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-%28cve-2022-40617%29.html" }, { "name": "FEDORA-2022-525510c815", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-40617", "datePublished": "2022-10-31T00:00:00", "dateReserved": "2022-09-12T00:00:00", "dateUpdated": "2024-08-03T12:21:46.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37613
Vulnerability from cvelistv5
Published
2022-02-10 16:19
Modified
2024-08-04 01:23
Severity ?
EPSS score ?
Summary
Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service.
References
▼ | URL | Tags |
---|---|---|
https://advisories.stormshield.eu | x_refsource_MISC | |
https://advisories.stormshield.eu/2021-050/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:23:01.835Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://advisories.stormshield.eu" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://advisories.stormshield.eu/2021-050/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-10T16:19:24", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://advisories.stormshield.eu" }, { "tags": [ "x_refsource_MISC" ], "url": "https://advisories.stormshield.eu/2021-050/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-37613", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://advisories.stormshield.eu", "refsource": "MISC", "url": "https://advisories.stormshield.eu" }, { "name": "https://advisories.stormshield.eu/2021-050/", "refsource": "MISC", "url": "https://advisories.stormshield.eu/2021-050/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-37613", "datePublished": "2022-02-10T16:19:24", "dateReserved": "2021-07-29T00:00:00", "dateUpdated": "2024-08-04T01:23:01.835Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-27812
Vulnerability from cvelistv5
Published
2022-08-24 00:00
Modified
2024-08-03 05:32
Severity ?
EPSS score ?
Summary
Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:32:59.970Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://advisories.stormshield.eu/2022-009/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-17T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://advisories.stormshield.eu/2022-009/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-27812", "datePublished": "2022-08-24T00:00:00", "dateReserved": "2022-03-24T00:00:00", "dateUpdated": "2024-08-03T05:32:59.970Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28616
Vulnerability from cvelistv5
Published
2023-12-26 00:00
Modified
2024-08-02 13:43
Severity ?
EPSS score ?
Summary
An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:43:22.975Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://advisories.stormshield.eu/2023-006" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-26T03:48:33.987011", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://advisories.stormshield.eu/2023-006" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-28616", "datePublished": "2023-12-26T00:00:00", "dateReserved": "2023-03-19T00:00:00", "dateUpdated": "2024-08-02T13:43:22.975Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-28127
Vulnerability from cvelistv5
Published
2021-07-01 14:01
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur.
References
▼ | URL | Tags |
---|---|---|
https://advisories.stormshield.eu | x_refsource_MISC | |
https://advisories.stormshield.eu/2021-006 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:33:17.474Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://advisories.stormshield.eu" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://advisories.stormshield.eu/2021-006" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-01T14:01:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://advisories.stormshield.eu" }, { "tags": [ "x_refsource_MISC" ], "url": "https://advisories.stormshield.eu/2021-006" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-28127", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://advisories.stormshield.eu", "refsource": "MISC", "url": "https://advisories.stormshield.eu" }, { "name": "https://advisories.stormshield.eu/2021-006", "refsource": "MISC", "url": "https://advisories.stormshield.eu/2021-006" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-28127", "datePublished": "2021-07-01T14:01:34", "dateReserved": "2021-03-10T00:00:00", "dateUpdated": "2024-08-03T21:33:17.474Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-28096
Vulnerability from cvelistv5
Published
2022-01-27 14:00
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections.
References
▼ | URL | Tags |
---|---|---|
https://advisories.stormshield.eu/2021-005/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:33:17.395Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://advisories.stormshield.eu/2021-005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-27T14:00:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://advisories.stormshield.eu/2021-005/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-28096", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://advisories.stormshield.eu/2021-005/", "refsource": "MISC", "url": "https://advisories.stormshield.eu/2021-005/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-28096", "datePublished": "2022-01-27T14:00:07", "dateReserved": "2021-03-08T00:00:00", "dateUpdated": "2024-08-03T21:33:17.395Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0286
Vulnerability from cvelistv5
Published
2023-02-08 19:01
Modified
2024-08-02 05:02
Severity ?
EPSS score ?
Summary
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but
the public structure definition for GENERAL_NAME incorrectly specified the type
of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by
the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an
ASN1_STRING.
When CRL checking is enabled (i.e. the application sets the
X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass
arbitrary pointers to a memcmp call, enabling them to read memory contents or
enact a denial of service. In most cases, the attack requires the attacker to
provide both the certificate chain and CRL, neither of which need to have a
valid signature. If the attacker only controls one of these inputs, the other
input must already contain an X.400 address as a CRL distribution point, which
is uncommon. As such, this vulnerability is most likely to only affect
applications which have implemented their own functionality for retrieving CRLs
over a network.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:02:44.187Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658" }, { "name": "1.1.1t git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9" }, { "name": "1.0.2zg patch (premium)", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d" }, { "tags": [ "x_transferred" ], "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig" }, { "tags": [ "x_transferred" ], "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.0.8", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1t", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "1.0.2zg", "status": "affected", "version": "1.0.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "David Benjamin (Google)" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Hugo Landau" } ], "datePublic": "2023-02-07T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There is a type confusion vulnerability relating to X.400 address processing\u003cbr\u003einside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\u003cbr\u003ethe public structure definition for GENERAL_NAME incorrectly specified the type\u003cbr\u003eof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\u003cbr\u003ethe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\u003cbr\u003eASN1_STRING.\u003cbr\u003e\u003cbr\u003eWhen CRL checking is enabled (i.e. the application sets the\u003cbr\u003eX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\u003cbr\u003earbitrary pointers to a memcmp call, enabling them to read memory contents or\u003cbr\u003eenact a denial of service. In most cases, the attack requires the attacker to\u003cbr\u003eprovide both the certificate chain and CRL, neither of which need to have a\u003cbr\u003evalid signature. If the attacker only controls one of these inputs, the other\u003cbr\u003einput must already contain an X.400 address as a CRL distribution point, which\u003cbr\u003eis uncommon. As such, this vulnerability is most likely to only affect\u003cbr\u003eapplications which have implemented their own functionality for retrieving CRLs\u003cbr\u003eover a network.\u003cbr\u003e\u003cbr\u003e" } ], "value": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.\n\n" } ], "metrics": [ { "format": "other", "other": { "content": { "text": "High" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "description": " type confusion vulnerability", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-27T18:25:32.958867Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658" }, { "name": "1.1.1t git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9" }, { "name": "1.0.2zg patch (premium)", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d" }, { "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig" }, { "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt" }, { "url": "https://security.gentoo.org/glsa/202402-08" } ], "source": { "discovery": "UNKNOWN" }, "title": "X.400 address type confusion in X.509 GeneralName", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-0286", "datePublished": "2023-02-08T19:01:50.514Z", "dateReserved": "2023-01-13T10:40:41.259Z", "dateUpdated": "2024-08-02T05:02:44.187Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-27506
Vulnerability from cvelistv5
Published
2021-03-19 14:28
Modified
2024-08-03 21:26
Severity ?
EPSS score ?
Summary
The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.
References
▼ | URL | Tags |
---|---|---|
https://advisories.stormshield.eu/2021-003/ | x_refsource_CONFIRM | |
https://blog.clamav.net/2021/02/clamav-01031-patch-release.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:26:09.160Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://advisories.stormshield.eu/2021-003/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.clamav.net/2021/02/clamav-01031-patch-release.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-12T15:27:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://advisories.stormshield.eu/2021-003/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.clamav.net/2021/02/clamav-01031-patch-release.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-27506", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://advisories.stormshield.eu/2021-003/", "refsource": "CONFIRM", "url": "https://advisories.stormshield.eu/2021-003/" }, { "name": "https://blog.clamav.net/2021/02/clamav-01031-patch-release.html", "refsource": "MISC", "url": "https://blog.clamav.net/2021/02/clamav-01031-patch-release.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-27506", "datePublished": "2021-03-19T14:28:20", "dateReserved": "2021-02-19T00:00:00", "dateUpdated": "2024-08-03T21:26:09.160Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-28665
Vulnerability from cvelistv5
Published
2021-05-06 19:26
Modified
2024-08-03 21:47
Severity ?
EPSS score ?
Summary
Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service.
References
▼ | URL | Tags |
---|---|---|
https://advisories.stormshield.eu/ | x_refsource_MISC | |
https://advisories-admin.stormshield.eu/2021-014 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:47:32.992Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://advisories.stormshield.eu/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://advisories-admin.stormshield.eu/2021-014" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-06T19:26:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://advisories.stormshield.eu/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://advisories-admin.stormshield.eu/2021-014" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-28665", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://advisories.stormshield.eu/", "refsource": "MISC", "url": "https://advisories.stormshield.eu/" }, { "name": "https://advisories-admin.stormshield.eu/2021-014", "refsource": "MISC", "url": "https://advisories-admin.stormshield.eu/2021-014" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-28665", "datePublished": "2021-05-06T19:26:35", "dateReserved": "2021-03-18T00:00:00", "dateUpdated": "2024-08-03T21:47:32.992Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20052
Vulnerability from cvelistv5
Published
2023-02-16 15:26
Modified
2024-08-02 08:57
Severity ?
EPSS score ?
Summary
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:
A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Cisco | Cisco Secure Endpoint |
Version: 6.0.9 Version: 6.0.7 Version: 6.1.5 Version: 6.1.7 Version: 6.1.9 Version: 6.2.1 Version: 6.2.5 Version: 6.2.19 Version: 6.2.9 Version: 6.3.5 Version: 6.3.1 Version: 6.3.7 Version: 6.3.3 Version: 7.0.5 Version: 7.1.1 Version: 7.1.5 Version: 1.12.1 Version: 1.12.2 Version: 1.12.5 Version: 1.12.0 Version: 1.12.6 Version: 1.12.3 Version: 1.12.7 Version: 1.12.4 Version: 1.13.0 Version: 1.13.1 Version: 1.13.2 Version: 1.11.0 Version: 1.10.2 Version: 1.10.1 Version: 1.10.0 Version: 1.14.0 Version: 1.6.0 Version: 1.9.0 Version: 1.9.1 Version: 1.8.1 Version: 1.8.0 Version: 1.8.4 Version: 1.7.0 Version: 7.2.13 Version: 7.2.7 Version: 7.2.3 Version: 7.2.11 Version: 7.2.5 Version: 7.3.3 Version: 7.3.5 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:57:35.615Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-clamav-xxe-TcSZduhN", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Secure Endpoint", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "6.0.9" }, { "status": "affected", "version": "6.0.7" }, { "status": "affected", "version": "6.1.5" }, { "status": "affected", "version": "6.1.7" }, { "status": "affected", "version": "6.1.9" }, { "status": "affected", "version": "6.2.1" }, { "status": "affected", "version": "6.2.5" }, { "status": "affected", "version": "6.2.19" }, { "status": "affected", "version": "6.2.9" }, { "status": "affected", "version": "6.3.5" }, { "status": "affected", "version": "6.3.1" }, { "status": "affected", "version": "6.3.7" }, { "status": "affected", "version": "6.3.3" }, { "status": "affected", "version": "7.0.5" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.5" }, { "status": "affected", "version": "1.12.1" }, { "status": "affected", "version": "1.12.2" }, { "status": "affected", "version": "1.12.5" }, { "status": "affected", "version": "1.12.0" }, { "status": "affected", "version": "1.12.6" }, { "status": "affected", "version": "1.12.3" }, { "status": "affected", "version": "1.12.7" }, { "status": "affected", "version": "1.12.4" }, { "status": "affected", "version": "1.13.0" }, { "status": "affected", "version": "1.13.1" }, { "status": "affected", "version": "1.13.2" }, { "status": "affected", "version": "1.11.0" }, { "status": "affected", "version": "1.10.2" }, { "status": "affected", "version": "1.10.1" }, { "status": "affected", "version": "1.10.0" }, { "status": "affected", "version": "1.14.0" }, { "status": "affected", "version": "1.6.0" }, { "status": "affected", "version": "1.9.0" }, { "status": "affected", "version": "1.9.1" }, { "status": "affected", "version": "1.8.1" }, { "status": "affected", "version": "1.8.0" }, { "status": "affected", "version": "1.8.4" }, { "status": "affected", "version": "1.7.0" }, { "status": "affected", "version": "7.2.13" }, { "status": "affected", "version": "7.2.7" }, { "status": "affected", "version": "7.2.3" }, { "status": "affected", "version": "7.2.11" }, { "status": "affected", "version": "7.2.5" }, { "status": "affected", "version": "7.3.3" }, { "status": "affected", "version": "7.3.5" } ] } ], "descriptions": [ { "lang": "en", "value": "On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:\r\n\r \r A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r \r This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-611", "description": "Improper Restriction of XML External Entity Reference", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T16:57:38.974Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-clamav-xxe-TcSZduhN", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN" } ], "source": { "advisory": "cisco-sa-clamav-xxe-TcSZduhN", "defects": [ "CSCwd87111", "CSCwd87112", "CSCwd87113" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20052", "datePublished": "2023-02-16T15:26:12.863Z", "dateReserved": "2022-10-27T18:47:50.319Z", "dateUpdated": "2024-08-02T08:57:35.615Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47091
Vulnerability from cvelistv5
Published
2023-12-25 00:00
Modified
2024-08-02 21:01
Severity ?
EPSS score ?
Summary
An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.571Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://advisories.stormshield.eu" }, { "tags": [ "x_transferred" ], "url": "https://advisories.stormshield.eu/2023-024/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-25T06:50:15.104686", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://advisories.stormshield.eu" }, { "url": "https://advisories.stormshield.eu/2023-024/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-47091", "datePublished": "2023-12-25T00:00:00", "dateReserved": "2023-10-30T00:00:00", "dateUpdated": "2024-08-02T21:01:22.571Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-30279
Vulnerability from cvelistv5
Published
2022-05-12 14:49
Modified
2024-08-03 06:48
Severity ?
EPSS score ?
Summary
An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash.
References
▼ | URL | Tags |
---|---|---|
https://advisories.stormshield.eu/2022-015 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:48:34.850Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://advisories.stormshield.eu/2022-015" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-12T14:49:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://advisories.stormshield.eu/2022-015" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-30279", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://advisories.stormshield.eu/2022-015", "refsource": "MISC", "url": "https://advisories.stormshield.eu/2022-015" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-30279", "datePublished": "2022-05-12T14:49:27", "dateReserved": "2022-05-04T00:00:00", "dateUpdated": "2024-08-03T06:48:34.850Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37434
Vulnerability from cvelistv5
Published
2022-08-05 00:00
Modified
2024-08-03 10:29
Severity ?
EPSS score ?
Summary
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:29:21.032Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/ivd38/zlib_overflow" }, { "tags": [ "x_transferred" ], "url": "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1" }, { "tags": [ "x_transferred" ], "url": "https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063" }, { "tags": [ "x_transferred" ], "url": "https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764" }, { "name": "[oss-security] 20220805 zlib buffer overflow", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/05/2" }, { "tags": [ "x_transferred" ], "url": "https://github.com/curl/curl/issues/9271" }, { "name": "[oss-security] 20220808 Re: zlib buffer overflow", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/09/1" }, { "name": "FEDORA-2022-25e4dbedf9", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/" }, { "name": "DSA-5218", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5218" }, { "name": "FEDORA-2022-15da0cf165", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220901-0005/" }, { "name": "FEDORA-2022-b8232d1cca", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/" }, { "name": "[debian-lts-announce] 20220912 [SECURITY] [DLA 3103-1] zlib security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html" }, { "name": "FEDORA-2022-3c28ae0cd8", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/" }, { "name": "FEDORA-2022-0b517a5397", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213489" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213488" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213494" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213493" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213491" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213490" }, { "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "name": "20221030 APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/38" }, { "name": "20221030 APPLE-SA-2022-10-27-1 iOS 15.7.1 and iPadOS 15.7.1", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/37" }, { "name": "20221030 APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/42" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230427-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "unknown", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-30T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/ivd38/zlib_overflow" }, { "url": "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1" }, { "url": "https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063" }, { "url": "https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764" }, { "name": "[oss-security] 20220805 zlib buffer overflow", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/05/2" }, { "url": "https://github.com/curl/curl/issues/9271" }, { "name": "[oss-security] 20220808 Re: zlib buffer overflow", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/09/1" }, { "name": "FEDORA-2022-25e4dbedf9", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/" }, { "name": "DSA-5218", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5218" }, { "name": "FEDORA-2022-15da0cf165", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/" }, { "url": "https://security.netapp.com/advisory/ntap-20220901-0005/" }, { "name": "FEDORA-2022-b8232d1cca", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/" }, { "name": "[debian-lts-announce] 20220912 [SECURITY] [DLA 3103-1] zlib security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html" }, { "name": "FEDORA-2022-3c28ae0cd8", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/" }, { "name": "FEDORA-2022-0b517a5397", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/" }, { "url": "https://support.apple.com/kb/HT213489" }, { "url": "https://support.apple.com/kb/HT213488" }, { "url": "https://support.apple.com/kb/HT213494" }, { "url": "https://support.apple.com/kb/HT213493" }, { "url": "https://support.apple.com/kb/HT213491" }, { "url": "https://support.apple.com/kb/HT213490" }, { "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "name": "20221030 APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/38" }, { "name": "20221030 APPLE-SA-2022-10-27-1 iOS 15.7.1 and iPadOS 15.7.1", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/37" }, { "name": "20221030 APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/42" }, { "url": "https://security.netapp.com/advisory/ntap-20230427-0007/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-37434", "datePublished": "2022-08-05T00:00:00", "dateReserved": "2022-08-05T00:00:00", "dateUpdated": "2024-08-03T10:29:21.032Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4304
Vulnerability from cvelistv5
Published
2023-02-08 19:04
Modified
2024-08-03 01:34
Severity ?
EPSS score ?
Summary
A timing based side channel exists in the OpenSSL RSA Decryption implementation
which could be sufficient to recover a plaintext across a network in a
Bleichenbacher style attack. To achieve a successful decryption an attacker
would have to be able to send a very large number of trial messages for
decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,
RSA-OEAP and RSASVE.
For example, in a TLS connection, RSA is commonly used by a client to send an
encrypted pre-master secret to the server. An attacker that had observed a
genuine connection between a client and a server could use this flaw to send
trial messages to the server and record the time taken to process them. After a
sufficiently large number of messages the attacker could recover the pre-master
secret used for the original connection and thus be able to decrypt the
application data sent over that connection.
References
▼ | URL | Tags |
---|---|---|
https://www.openssl.org/news/secadv/20230207.txt | vendor-advisory | |
https://security.gentoo.org/glsa/202402-08 |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:34:50.158Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.0.8", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1t", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "1.0.2zg", "status": "affected", "version": "1.0.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Hubert Kario from RedHat" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Dmitry Belyavsky from RedHat" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": " Hubert Kario from RedHat" } ], "datePublic": "2023-02-07T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\u003cbr\u003ewhich could be sufficient to recover a plaintext across a network in a\u003cbr\u003eBleichenbacher style attack. To achieve a successful decryption an attacker\u003cbr\u003ewould have to be able to send a very large number of trial messages for\u003cbr\u003edecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\u003cbr\u003eRSA-OEAP and RSASVE.\u003cbr\u003e\u003cbr\u003eFor example, in a TLS connection, RSA is commonly used by a client to send an\u003cbr\u003eencrypted pre-master secret to the server. An attacker that had observed a\u003cbr\u003egenuine connection between a client and a server could use this flaw to send\u003cbr\u003etrial messages to the server and record the time taken to process them. After a\u003cbr\u003esufficiently large number of messages the attacker could recover the pre-master\u003cbr\u003esecret used for the original connection and thus be able to decrypt the\u003cbr\u003eapplication data sent over that connection.\u003cbr\u003e\u003cbr\u003e" } ], "value": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OEAP and RSASVE.\n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection.\n\n" } ], "metrics": [ { "format": "other", "other": { "content": { "text": "MODERATE" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "description": "timing based side channel attack", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-08T19:04:28.890Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "url": "https://security.gentoo.org/glsa/202402-08" } ], "source": { "discovery": "UNKNOWN" }, "title": "Timing Oracle in RSA Decryption", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2022-4304", "datePublished": "2023-02-08T19:04:28.890Z", "dateReserved": "2022-12-06T10:38:40.463Z", "dateUpdated": "2024-08-03T01:34:50.158Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-31814
Vulnerability from cvelistv5
Published
2022-02-10 16:28
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client.
References
▼ | URL | Tags |
---|---|---|
https://advisories.stormshield.eu/ | x_refsource_MISC | |
https://advisories.stormshield.eu/2021-019/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:10:31.195Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://advisories.stormshield.eu/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://advisories.stormshield.eu/2021-019/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-10T16:28:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://advisories.stormshield.eu/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://advisories.stormshield.eu/2021-019/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31814", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://advisories.stormshield.eu/", "refsource": "MISC", "url": "https://advisories.stormshield.eu/" }, { "name": "https://advisories.stormshield.eu/2021-019/", "refsource": "MISC", "url": "https://advisories.stormshield.eu/2021-019/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31814", "datePublished": "2022-02-10T16:28:15", "dateReserved": "2021-04-26T00:00:00", "dateUpdated": "2024-08-03T23:10:31.195Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-11711
Vulnerability from cvelistv5
Published
2023-08-25 00:00
Modified
2024-10-02 18:12
Severity ?
EPSS score ?
Summary
An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:35:13.599Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.digitemis.com/category/blog/actualite/" }, { "tags": [ "x_transferred" ], "url": "https://twitter.com/_ACKNAK_" }, { "tags": [ "x_transferred" ], "url": "https://advisories.stormshield.eu/2020-011/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-11711", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-02T18:11:43.071000Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-02T18:12:05.072Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim\u0027s browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-25T15:53:55.355471", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.digitemis.com/category/blog/actualite/" }, { "url": "https://twitter.com/_ACKNAK_" }, { "url": "https://advisories.stormshield.eu/2020-011/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-11711", "datePublished": "2023-08-25T00:00:00", "dateReserved": "2020-04-12T00:00:00", "dateUpdated": "2024-10-02T18:12:05.072Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-8430
Vulnerability from cvelistv5
Published
2020-04-13 15:08
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string.
References
▼ | URL | Tags |
---|---|---|
https://www.stormshield.com/products/sn310/ | x_refsource_MISC | |
https://www.digitemis.com/category/blog/actualite/ | x_refsource_MISC | |
https://www.digitemis.com/2020/02/24/digitemis-decouvre-une-vulnerabilite-au-sein-dun-produit-stormshield-cve-2020-8430/ | x_refsource_MISC | |
https://advisories.stormshield.eu/2020-001/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:56:28.390Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.stormshield.com/products/sn310/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.digitemis.com/category/blog/actualite/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.digitemis.com/2020/02/24/digitemis-decouvre-une-vulnerabilite-au-sein-dun-produit-stormshield-cve-2020-8430/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://advisories.stormshield.eu/2020-001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-13T15:08:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.stormshield.com/products/sn310/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.digitemis.com/category/blog/actualite/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.digitemis.com/2020/02/24/digitemis-decouvre-une-vulnerabilite-au-sein-dun-produit-stormshield-cve-2020-8430/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://advisories.stormshield.eu/2020-001/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-8430", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.stormshield.com/products/sn310/", "refsource": "MISC", "url": "https://www.stormshield.com/products/sn310/" }, { "name": "https://www.digitemis.com/category/blog/actualite/", "refsource": "MISC", "url": "https://www.digitemis.com/category/blog/actualite/" }, { "name": "https://www.digitemis.com/2020/02/24/digitemis-decouvre-une-vulnerabilite-au-sein-dun-produit-stormshield-cve-2020-8430/", "refsource": "MISC", "url": "https://www.digitemis.com/2020/02/24/digitemis-decouvre-une-vulnerabilite-au-sein-dun-produit-stormshield-cve-2020-8430/" }, { "name": "https://advisories.stormshield.eu/2020-001/", "refsource": "CONFIRM", "url": "https://advisories.stormshield.eu/2020-001/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-8430", "datePublished": "2020-04-13T15:08:46", "dateReserved": "2020-01-29T00:00:00", "dateUpdated": "2024-08-04T09:56:28.390Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-20001
Vulnerability from cvelistv5
Published
2021-11-11 00:00
Modified
2024-08-08 04:06
Severity ?
EPSS score ?
Summary
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:06:55.288Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/Balasys/dheater" }, { "tags": [ "x_transferred" ], "url": "https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol" }, { "tags": [ "x_transferred" ], "url": "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/mozilla/ssl-config-generator/issues/162" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf" }, { "tags": [ "x_transferred" ], "url": "https://www.suse.com/support/kb/doc/?id=000020510" }, { "tags": [ "x_transferred" ], "url": "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/" }, { "tags": [ "x_transferred" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt" }, { "tags": [ "x_transferred" ], "url": "https://support.f5.com/csp/article/K83120834" }, { "tags": [ "x_transferred" ], "url": "https://dheatattack.com" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/dheatattack/dheater" }, { "tags": [ "x_transferred" ], "url": "https://dheatattack.gitlab.io/" }, { "tags": [ "x_transferred" ], "url": "https://ieeexplore.ieee.org/document/10374117" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-25T04:55:05.223102", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/Balasys/dheater" }, { "url": "https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol" }, { "url": "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/" }, { "url": "https://github.com/mozilla/ssl-config-generator/issues/162" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf" }, { "url": "https://www.suse.com/support/kb/doc/?id=000020510" }, { "url": "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/" }, { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt" }, { "url": "https://support.f5.com/csp/article/K83120834" }, { "url": "https://dheatattack.com" }, { "url": "https://gitlab.com/dheatattack/dheater" }, { "url": "https://dheatattack.gitlab.io/" }, { "url": "https://ieeexplore.ieee.org/document/10374117" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-20001", "datePublished": "2021-11-11T00:00:00", "dateReserved": "2021-11-11T00:00:00", "dateUpdated": "2024-08-08T04:06:55.288Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23989
Vulnerability from cvelistv5
Published
2022-03-15 20:26
Modified
2024-08-03 03:59
Severity ?
EPSS score ?
Summary
In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service.
References
▼ | URL | Tags |
---|---|---|
https://advisories.stormshield.eu/2022-003 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:59:23.305Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://advisories.stormshield.eu/2022-003" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-20T02:24:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://advisories.stormshield.eu/2022-003" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-23989", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://advisories.stormshield.eu/2022-003", "refsource": "MISC", "url": "https://advisories.stormshield.eu/2022-003" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-23989", "datePublished": "2022-03-15T20:26:36", "dateReserved": "2022-01-26T00:00:00", "dateUpdated": "2024-08-03T03:59:23.305Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-7465
Vulnerability from cvelistv5
Published
2020-10-06 13:40
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).
References
▼ | URL | Tags |
---|---|---|
https://sourceforge.net/p/mpd/bugs/70/ | x_refsource_MISC | |
https://sourceforge.net/p/mpd/svn/2377/ | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | MPD: FreeBSD PPP daemon |
Version: All versions prior to version 5.9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:33:18.770Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceforge.net/p/mpd/bugs/70/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceforge.net/p/mpd/svn/2377/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "MPD: FreeBSD PPP daemon", "vendor": "n/a", "versions": [ { "status": "affected", "version": "All versions prior to version 5.9" } ] } ], "descriptions": [ { "lang": "en", "value": "The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption)." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-06T13:40:03", "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://sourceforge.net/p/mpd/bugs/70/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://sourceforge.net/p/mpd/svn/2377/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secteam@freebsd.org", "ID": "CVE-2020-7465", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MPD: FreeBSD PPP daemon", "version": { "version_data": [ { "version_value": "All versions prior to version 5.9" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://sourceforge.net/p/mpd/bugs/70/", "refsource": "MISC", "url": "https://sourceforge.net/p/mpd/bugs/70/" }, { "name": "https://sourceforge.net/p/mpd/svn/2377/", "refsource": "MISC", "url": "https://sourceforge.net/p/mpd/svn/2377/" } ] } } } }, "cveMetadata": { "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "assignerShortName": "freebsd", "cveId": "CVE-2020-7465", "datePublished": "2020-10-06T13:40:03", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:33:18.770Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4450
Vulnerability from cvelistv5
Published
2023-02-08 19:04
Modified
2024-08-03 01:41
Severity ?
EPSS score ?
Summary
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data.
If the function succeeds then the "name_out", "header" and "data" arguments are
populated with pointers to buffers containing the relevant decoded data. The
caller is responsible for freeing those buffers. It is possible to construct a
PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()
will return a failure code but will populate the header argument with a pointer
to a buffer that has already been freed. If the caller also frees this buffer
then a double free will occur. This will most likely lead to a crash. This
could be exploited by an attacker who has the ability to supply malicious PEM
files for parsing to achieve a denial of service attack.
The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.
These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal
uses of these functions are not vulnerable because the caller does not free the
header argument if PEM_read_bio_ex() returns a failure code. These locations
include the PEM_read_bio_TYPE() functions as well as the decoders introduced in
OpenSSL 3.0.
The OpenSSL asn1parse command line application is also impacted by this issue.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:41:44.632Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83" }, { "name": "1.1.1t git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.0.8", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1t", "status": "affected", "version": "1.1.1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "CarpetFuzz" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Dawei Wang" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Marc Sch\u00f6nefeld" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Kurt Roeckx" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Matt Caswell" } ], "datePublic": "2023-02-07T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\u003cbr\u003edecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data.\u003cbr\u003eIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\u003cbr\u003epopulated with pointers to buffers containing the relevant decoded data. The\u003cbr\u003ecaller is responsible for freeing those buffers. It is possible to construct a\u003cbr\u003ePEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\u003cbr\u003ewill return a failure code but will populate the header argument with a pointer\u003cbr\u003eto a buffer that has already been freed. If the caller also frees this buffer\u003cbr\u003ethen a double free will occur. This will most likely lead to a crash. This\u003cbr\u003ecould be exploited by an attacker who has the ability to supply malicious PEM\u003cbr\u003efiles for parsing to achieve a denial of service attack.\u003cbr\u003e\u003cbr\u003eThe functions PEM_read_bio() and PEM_read() are simple wrappers around\u003cbr\u003ePEM_read_bio_ex() and therefore these functions are also directly affected.\u003cbr\u003e\u003cbr\u003eThese functions are also called indirectly by a number of other OpenSSL\u003cbr\u003efunctions including PEM_X509_INFO_read_bio_ex() and\u003cbr\u003eSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\u003cbr\u003euses of these functions are not vulnerable because the caller does not free the\u003cbr\u003eheader argument if PEM_read_bio_ex() returns a failure code. These locations\u003cbr\u003einclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\u003cbr\u003eOpenSSL 3.0.\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003eThe OpenSSL asn1parse command line application is also impacted by this issue.\u003c/div\u003e\u003cbr\u003e" } ], "value": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\ndecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data.\nIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\npopulated with pointers to buffers containing the relevant decoded data. The\ncaller is responsible for freeing those buffers. It is possible to construct a\nPEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\nwill return a failure code but will populate the header argument with a pointer\nto a buffer that has already been freed. If the caller also frees this buffer\nthen a double free will occur. This will most likely lead to a crash. This\ncould be exploited by an attacker who has the ability to supply malicious PEM\nfiles for parsing to achieve a denial of service attack.\n\nThe functions PEM_read_bio() and PEM_read() are simple wrappers around\nPEM_read_bio_ex() and therefore these functions are also directly affected.\n\nThese functions are also called indirectly by a number of other OpenSSL\nfunctions including PEM_X509_INFO_read_bio_ex() and\nSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\nuses of these functions are not vulnerable because the caller does not free the\nheader argument if PEM_read_bio_ex() returns a failure code. These locations\ninclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\nOpenSSL 3.0.\n\nThe OpenSSL asn1parse command line application is also impacted by this issue.\n\n\n" } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Moderate" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "description": "double-free", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-24T14:53:33.164Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83" }, { "name": "1.1.1t git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b" }, { "url": "https://security.gentoo.org/glsa/202402-08" } ], "source": { "discovery": "UNKNOWN" }, "title": "Double free after calling PEM_read_bio_ex", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2022-4450", "datePublished": "2023-02-08T19:04:04.874Z", "dateReserved": "2022-12-13T13:38:08.598Z", "dateUpdated": "2024-08-03T01:41:44.632Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-28962
Vulnerability from cvelistv5
Published
2022-01-31 13:50
Modified
2024-08-03 21:55
Severity ?
EPSS score ?
Summary
Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.
References
▼ | URL | Tags |
---|---|---|
https://documentation.stormshield.eu/SNS/v4/en/Content/Release_Notes_SNS/Getting_Started_RNO.htm | x_refsource_MISC | |
https://advisories.stormshield.eu/ | x_refsource_MISC | |
https://advisories.stormshield.eu/2021-007/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:55:12.246Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.stormshield.eu/SNS/v4/en/Content/Release_Notes_SNS/Getting_Started_RNO.htm" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://advisories.stormshield.eu/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://advisories.stormshield.eu/2021-007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-31T13:50:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.stormshield.eu/SNS/v4/en/Content/Release_Notes_SNS/Getting_Started_RNO.htm" }, { "tags": [ "x_refsource_MISC" ], "url": "https://advisories.stormshield.eu/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://advisories.stormshield.eu/2021-007/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-28962", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.stormshield.eu/SNS/v4/en/Content/Release_Notes_SNS/Getting_Started_RNO.htm", "refsource": "MISC", "url": "https://documentation.stormshield.eu/SNS/v4/en/Content/Release_Notes_SNS/Getting_Started_RNO.htm" }, { "name": "https://advisories.stormshield.eu/", "refsource": "MISC", "url": "https://advisories.stormshield.eu/" }, { "name": "https://advisories.stormshield.eu/2021-007/", "refsource": "MISC", "url": "https://advisories.stormshield.eu/2021-007/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-28962", "datePublished": "2022-01-31T13:50:15", "dateReserved": "2021-03-21T00:00:00", "dateUpdated": "2024-08-03T21:55:12.246Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2023-02-08 20:15
Modified
2024-11-21 07:34
Severity ?
Summary
A timing based side channel exists in the OpenSSL RSA Decryption implementation
which could be sufficient to recover a plaintext across a network in a
Bleichenbacher style attack. To achieve a successful decryption an attacker
would have to be able to send a very large number of trial messages for
decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,
RSA-OEAP and RSASVE.
For example, in a TLS connection, RSA is commonly used by a client to send an
encrypted pre-master secret to the server. An attacker that had observed a
genuine connection between a client and a server could use this flaw to send
trial messages to the server and record the time taken to process them. After a
sufficiently large number of messages the attacker could recover the pre-master
secret used for the original connection and thus be able to decrypt the
application data sent over that connection.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "70985D55-A574-4151-B451-4D500CBFC29A", "versionEndExcluding": "1.0.2zg", "versionStartIncluding": "1.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE0061D6-8F81-45D3-B254-82A94915FD08", "versionEndExcluding": "1.1.1t", "versionStartIncluding": "1.1.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6DC5D88-4E99-48F2-8892-610ACA9B5B86", "versionEndExcluding": "3.0.8", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:endpoint_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "166DF690-041D-4585-A9DA-A6CC72A6A7F3", "versionEndExcluding": "7.2.40", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:sslvpn:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA7E0DD2-D62E-4735-A2C9-47C463BE4AA9", "versionEndExcluding": "3.2.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "27B77023-4983-4D33-9824-A120A5ED31BD", "versionEndExcluding": "2.7.11", "versionStartIncluding": "2.7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BD398C8-BC0B-4ED5-B71A-B9C6D8F63659", "versionEndExcluding": "3.7.34", "versionStartIncluding": "2.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "31B59634-B59C-4391-96D3-200A86A6CE3E", "versionEndExcluding": "3.11.22", "versionStartIncluding": "3.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7794B42-8235-4C75-866F-5D0A405F0989", "versionEndExcluding": "4.3.16", "versionStartIncluding": "4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8A23A5D-928A-4225-9C93-31E5DFE215A7", "versionEndExcluding": "4.6.3", "versionStartIncluding": "4.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OEAP and RSASVE.\n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection.\n\n" } ], "id": "CVE-2022-4304", "lastModified": "2024-11-21T07:34:58.630", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-08T20:15:23.887", "references": [ { "source": "openssl-security@openssl.org", "url": "https://security.gentoo.org/glsa/202402-08" }, { "source": "openssl-security@openssl.org", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202402-08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" } ], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-203" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-10-06 14:15
Modified
2024-11-21 05:37
Severity ?
Summary
The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition.
References
▼ | URL | Tags | |
---|---|---|---|
secteam@freebsd.org | https://sourceforge.net/p/mpd/bugs/69/ | Exploit, Third Party Advisory | |
secteam@freebsd.org | https://sourceforge.net/p/mpd/svn/2374/ | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/mpd/bugs/69/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/mpd/svn/2374/ | Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mpd_project | mpd | * | |
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | 4.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mpd_project:mpd:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B163FDA-5474-4EAB-8DA3-54F83A4E8319", "versionEndExcluding": "5.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "697F15F6-AED1-4013-A06D-BDF26622B1D1", "versionEndExcluding": "4.3.17", "versionStartIncluding": "4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "5DDEAFC4-01D3-42B0-A9DC-DE19B63F182B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition." }, { "lang": "es", "value": "La implementaci\u00f3n PPP de MPD versiones anteriores a 5.9, permite a un atacante remoto que puede enviar un mensaje de autenticaci\u00f3n PPP espec\u00edficamente dise\u00f1ado causar que el demonio lea m\u00e1s all\u00e1 del b\u00fafer de memoria asignado, lo que resultar\u00eda en una condici\u00f3n de denegaci\u00f3n de servicio" } ], "id": "CVE-2020-7466", "lastModified": "2024-11-21T05:37:12.073", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-06T14:15:13.243", "references": [ { "source": "secteam@freebsd.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://sourceforge.net/p/mpd/bugs/69/" }, { "source": "secteam@freebsd.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/mpd/svn/2374/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://sourceforge.net/p/mpd/bugs/69/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/mpd/svn/2374/" } ], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "secteam@freebsd.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-01 15:15
Modified
2024-11-21 05:59
Severity ?
Summary
An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://advisories.stormshield.eu | Vendor Advisory | |
cve@mitre.org | https://advisories.stormshield.eu/2021-006 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/2021-006 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "434F97FB-0B92-4852-9D69-7C2D9BBC6FDA", "versionEndIncluding": "2.7.9", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBAB743F-89C0-4152-A4E7-1633E4492B51", "versionEndIncluding": "2.16.0", "versionStartIncluding": "2.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "63F73AC1-0164-496E-878B-6F2407E16F54", "versionEndIncluding": "3.7.19", "versionStartIncluding": "3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "73ECA7BD-DBE5-4660-A785-5AFDFB04593D", "versionEndIncluding": "3.11.7", "versionStartIncluding": "3.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C635B64-8247-48AB-B77B-88BA169BC783", "versionEndIncluding": "4.1.5", "versionStartIncluding": "4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "573F0CBD-7DA6-4D2E-92B4-32E4825C54F8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur." }, { "lang": "es", "value": "Se ha detectado un problema en Stormshield SNS versiones hasta 4.2.1. Puede ocurrir un ataque de fuerza bruta" } ], "id": "CVE-2021-28127", "lastModified": "2024-11-21T05:59:08.247", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-01T15:15:08.113", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2021-006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2021-006" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-307" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-21 00:15
Modified
2024-11-21 08:20
Severity ?
Summary
An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://advisories.stormshield.eu/2023-027 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/2023-027 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB422D52-AE0B-40A5-915F-48151CBDCE1F", "versionEndIncluding": "3.7.39", "versionStartIncluding": "3.7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B3D0710-791E-4F52-829B-344E75D31BF2", "versionEndIncluding": "3.11.27", "versionStartIncluding": "3.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "C62D71E6-BBA8-40F9-BE99-E18A512E0936", "versionEndExcluding": "4.3.23", "versionStartIncluding": "4.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BA3CFA3-AA12-4347-AE99-91D28021E6F0", "versionEndExcluding": "4.6.10", "versionStartIncluding": "4.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "459D63A0-291E-4B60-94A7-4FDB3A381C61", "versionEndExcluding": "4.7.2", "versionStartIncluding": "4.7.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It\u0027s possible to know if a specific user account exists on the SNS firewall by using remote access commands." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en Stormshield Network Security (SNS) 3.7.0 a 3.7.39, 3.11.0 a 3.11.27, 4.3.0 a 4.3.22, 4.6.0 a 4.6.9 y 4.7.0 a 4.7. 1. Es posible saber si existe una cuenta de usuario espec\u00edfica en el firewall SNS mediante comandos de acceso remoto." } ], "id": "CVE-2023-41166", "lastModified": "2024-11-21T08:20:42.740", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-21T00:15:25.537", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2023-027" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2023-027" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-06 20:15
Modified
2024-11-21 06:00
Severity ?
Summary
Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
stormshield | network_security | * | |
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "47CF2A7C-1391-4A92-BEB7-8B33DF2FB693", "versionEndExcluding": "3.7.18", "versionStartIncluding": "3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB1687AD-8D46-4CBC-8EE5-AEA384B7A1DE", "versionEndExcluding": "3.11.5", "versionStartIncluding": "3.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "268FCC1D-500C-4F39-B688-96130AA60D16", "versionEndExcluding": "4.1.5", "versionStartIncluding": "4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service." }, { "lang": "es", "value": "Stormshield SNS con versiones anteriores a 3.7.18, 3.11.6 y 4.1.6, presenta un fallo de administraci\u00f3n de la memoria en el plugin SNMP que puede conllevar a un consumo excesivo de la memoria y recursos de CPU, y posiblemente a una denegaci\u00f3n de servicio" } ], "id": "CVE-2021-28665", "lastModified": "2024-11-21T06:00:03.900", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-05-06T20:15:09.820", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://advisories-admin.stormshield.eu/2021-014" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://advisories-admin.stormshield.eu/2021-014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-401" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-01-31 16:15
Modified
2024-11-21 06:06
Severity ?
Summary
In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://advisories.stormshield.eu/ | Vendor Advisory | |
cve@mitre.org | https://advisories.stormshield.eu/2021-020/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/2021-020/ | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D98E742-1D45-4E68-B59C-15DE3B8CDF75", "versionEndExcluding": "2.7.9", "versionStartIncluding": "1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "A44D782B-3A9B-45C7-A8C3-0E6159D83B71", "versionEndExcluding": "3.7.21", "versionStartIncluding": "2.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "580720E6-CD62-432E-8B4D-A68DA7459BDB", "versionEndExcluding": "3.11.9", "versionStartIncluding": "3.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "804BF818-9B25-41F7-809E-E39DCCE246E7", "versionEndExcluding": "4.2.3", "versionStartIncluding": "4.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution." }, { "lang": "es", "value": "En ASQ en Stormshield Network Security (SNS) versiones 1.0.0 hasta 2.7.8, 2.8.0 hasta 2.16.0, 3.0.0 hasta 3.7.20, 3.8.0 hasta 3.11.8, y 4.0.1 hasta 4.2.2, un manejo inapropiado de la memoria puede conllevar a una ejecuci\u00f3n de c\u00f3digo remota" } ], "id": "CVE-2021-31617", "lastModified": "2024-11-21T06:06:02.253", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-01-31T16:15:09.793", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2021-020/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2021-020/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-10-31 06:15
Modified
2024-11-21 07:21
Severity ?
Summary
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
strongswan | strongswan | * | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 20.04 | |
canonical | ubuntu_linux | 22.04 | |
debian | debian_linux | 10.0 | |
debian | debian_linux | 11.0 | |
fedoraproject | fedora | 37 | |
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC6606A3-0C2E-4BBE-BEAD-214B004B17EC", "versionEndExcluding": "5.9.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*", "matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "C17D344D-BE32-4DA3-A30B-B5DF3C6405BC", "versionEndExcluding": "3.11.20", "versionStartIncluding": "3.11.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB72AE8F-12E1-4A53-9815-4555F01BD3B9", "versionEndExcluding": "4.3.15", "versionStartIncluding": "4.3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9A20ADA-5494-44EE-BFBC-E267C4A7A96A", "versionEndExcluding": "4.6.0", "versionStartIncluding": "4.5.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker\u0027s control) that doesn\u0027t properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data." }, { "lang": "es", "value": "strongSwan anterior a 5.9.8 permite a atacantes remotos provocar una Denegaci\u00f3n de Servicio en el complemento de revocaci\u00f3n enviando un certificado de entidad final (y CA intermedia) manipulado que contiene una URL CRL/OCSP que apunta a un servidor (bajo el control del atacante) que no responde adecuadamente pero (por ejemplo) simplemente no hace nada despu\u00e9s del protocolo de enlace TCP inicial o env\u00eda una cantidad excesiva de datos de la aplicaci\u00f3n.\n" } ], "id": "CVE-2022-40617", "lastModified": "2024-11-21T07:21:43.427", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-10-31T06:15:09.887", "references": [ { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L/" }, { "source": "cve@mitre.org", "url": "https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-%28cve-2022-40617%29.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-%28cve-2022-40617%29.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:40
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:
A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code.
This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition.
For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"].
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*", "matchCriteriaId": "40572314-306A-4594-A279-216B8139B7A0", "versionEndExcluding": "1.20.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*", "matchCriteriaId": "726A787E-E64F-4906-9BAE-4F79EB530F1F", "versionEndExcluding": "1.21.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*", "matchCriteriaId": "C4F63447-CA0E-43FC-8FF1-B4032D21E32A", "versionEndExcluding": "7.5.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*", "matchCriteriaId": "D0FC45E7-C4AB-4AC5-87AB-0ED1508CCFF3", "versionEndExcluding": "8.1.5", "versionStartIncluding": "8.0.1.21160", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "07BFC8FC-6CF0-49DA-B4ED-5B7936A4233E", "versionEndExcluding": "3.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:web_security_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EFF7AB1-33C6-4627-9950-2F2E48BCCC7E", "versionEndExcluding": "12.5.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:web_security_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8361D69-981F-4F28-86F9-EFF202C9E537", "versionEndExcluding": "14.0.4-005", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:web_security_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF6E494A-FCA7-4569-847D-2AA3C14C3E79", "versionEndExcluding": "14.5.1-013", "versionStartIncluding": "14.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:web_security_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD8B1F66-9FD3-4970-BDA3-26241B18B4AA", "versionEndExcluding": "15.0.0-254", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "matchCriteriaId": "BDF08008-9C84-4075-8AB7-233209E4F3C0", "versionEndIncluding": "0.103.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "matchCriteriaId": "14FA7424-A3E5-4F46-83F8-E9767330F1CE", "versionEndIncluding": "0.105.1", "versionStartIncluding": "0.104.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:clamav:clamav:1.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "A381BD3C-88E0-41FD-91E6-26BCF78B84CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:clamav:clamav:1.0.0:rc:*:*:*:*:*:*", "matchCriteriaId": "88BE0B1C-4515-40EA-ADDD-A04BF50743DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:clamav:clamav:1.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "FB00FEFE-F8A2-482D-A7EE-002DA4E10FF6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "88CF061E-FFD8-48DE-887F-2119C916E2B4", "versionEndExcluding": "3.7.35", "versionStartIncluding": "3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "F499B698-4EB6-4262-BAF4-9BDE7F114805", "versionEndExcluding": "3.11.23", "versionStartIncluding": "3.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "40519377-ECDC-41E2-B6A6-7F601AC28ACD", "versionEndExcluding": "4.3.17", "versionStartIncluding": "4.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "77BAC9BA-B215-490F-9202-617B1B4E7C8A", "versionEndExcluding": "4.6.4", "versionStartIncluding": "4.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:\r\n\r \r A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code.\r\n\r \r This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition.\r\n\r For a description of this vulnerability, see the ClamAV blog [\"https://blog.clamav.net/\"]." } ], "id": "CVE-2023-20032", "lastModified": "2024-11-21T07:40:23.950", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ykramarz@cisco.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:11.907", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "ykramarz@cisco.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-21 00:15
Modified
2024-11-21 08:29
Severity ?
Summary
An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://advisories.stormshield.eu/2023-031/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/2023-031/ | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | 4.7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "08FE8DAD-7467-42A3-9519-AE2D9A523497", "versionEndExcluding": "4.3.22", "versionStartIncluding": "4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "134FC4FC-E0A0-4AD2-85D8-ED8536FD9F13", "versionEndExcluding": "4.6.9", "versionStartIncluding": "4.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "41064506-1A8B-462B-B0CC-935467EB80CA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en Stormshield Network Security (SNS) 4.0.0 a 4.3.21, 4.4.0 a 4.6.8 y 4.7.0. El env\u00edo de un paquete ICMP manipulado puede provocar un fallo del motor ASQ." } ], "id": "CVE-2023-47093", "lastModified": "2024-11-21T08:29:45.287", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-21T00:15:26.067", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2023-031/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2023-031/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-10 17:15
Modified
2024-11-21 06:21
Severity ?
Summary
Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://advisories.stormshield.eu/2021-001/ | Vendor Advisory | |
cve@mitre.org | https://www.stormshield.com/category/alert/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/2021-001/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.stormshield.com/category/alert/ | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "85AECDF1-6659-4B65-8761-8C3028EC8479", "versionEndIncluding": "3.7.24", "versionStartIncluding": "3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F3D8ADD-FDDD-4CEA-AB99-40C9F4877C8A", "versionEndIncluding": "3.11.12", "versionStartIncluding": "3.8.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component." }, { "lang": "es", "value": "Stormshield Network Security (SNS) 3.x, presenta un Desbordamiento de Enteros en el componente high-availability" } ], "id": "CVE-2021-3398", "lastModified": "2024-11-21T06:21:24.870", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-10T17:15:09.237", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2021-001/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.stormshield.com/category/alert/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2021-001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.stormshield.com/category/alert/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-08-05 07:15
Modified
2024-11-21 07:14
Severity ?
Summary
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*", "matchCriteriaId": "59A031AE-1A48-4E95-A632-B0CBD2A8048D", "versionEndIncluding": "1.2.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A6E548F-62E9-40CB-85DA-FDAA0F0096C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "86B51137-28D9-41F2-AFA2-3CC22B4954D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40", "vulnerable": true }, { "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "46D91788-9173-4FA2-A956-18286461B859", "versionEndExcluding": "15.7.1", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C42DEF1-164C-42F0-932E-A6B2F4CD8557", "versionEndExcluding": "15.7.1", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "707AECD3-BB9B-4AFA-8D87-FDFB79A9EB89", "versionEndExcluding": "16.1", "versionStartIncluding": "16.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "D832A844-E337-4151-83EF-FAEF32377223", "versionEndExcluding": "11.7.1", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A9B7134-E932-4E1C-81D8-A87C3FC1F685", "versionEndExcluding": "12.6.1", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "32BABE0E-193A-4A4D-96E9-84BB48649C9A", "versionEndExcluding": "9.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFA72DD0-7FAB-4D00-8D9D-5F8527DB9995", "versionEndExcluding": "3.7.34", "versionStartIncluding": "3.7.31", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "1206C911-91FF-4E9A-820C-6635CAB523C1", "versionEndExcluding": "3.11.22", "versionStartIncluding": "3.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "39D11018-C7F4-4BCB-A295-5296F8CB8F0B", "versionEndExcluding": "4.3.16", "versionStartIncluding": "4.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF87CF3B-17D9-4B12-86FD-DD1633177BA9", "versionEndExcluding": "4.6.3", "versionStartIncluding": "4.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference)." }, { "lang": "es", "value": "zlib versiones hasta 1.2.12, presenta una lectura excesiva de b\u00fafer en la regi\u00f3n heap de la memoria o desbordamiento de b\u00fafer en el archivo inflate.c por medio de un campo extra del encabezado gzip. NOTA: s\u00f3lo est\u00e1n afectadas las aplicaciones que llaman a inflateGetHeader. Algunas aplicaciones comunes agrupan el c\u00f3digo fuente de zlib afectado pero pueden ser incapaces de llamar a inflateGetHeader (por ejemplo, v\u00e9ase la referencia nodejs/node)" } ], "id": "CVE-2022-37434", "lastModified": "2024-11-21T07:14:59.070", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-08-05T07:15:07.240", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/37" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/38" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/42" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/05/2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/09/1" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/curl/curl/issues/9271" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/ivd38/zlib_overflow" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220901-0005/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20230427-0007/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213488" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213489" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213490" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213491" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213493" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213494" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/37" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/42" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/05/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/09/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/curl/curl/issues/9271" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/ivd38/zlib_overflow" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20220901-0005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20230427-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213488" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213490" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213491" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213493" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT213494" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5218" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-04 14:15
Modified
2024-11-21 04:02
Severity ?
Summary
Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://advisories.stormshield.eu/2018-006/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/2018-006/ | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC90B886-C377-4854-B658-9B83DD9263F7", "versionEndIncluding": "2.13.0", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "5AB5EE23-364E-4385-BF76-7898107E8AEC", "versionEndIncluding": "3.7.1", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server." }, { "lang": "es", "value": "Stormshield Network Security versi\u00f3n 2.0.0 hasta la versi\u00f3n 2.13.0 y versi\u00f3n 3.0.0 hasta la versi\u00f3n 3.7.1 tiene self-XSS en la interfaz de l\u00ednea de comandos del servidor web SNS." } ], "id": "CVE-2018-20850", "lastModified": "2024-11-21T04:02:18.463", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-04T14:15:10.777", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2018-006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2018-006/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-08 20:15
Modified
2024-11-21 07:35
Severity ?
Summary
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data.
If the function succeeds then the "name_out", "header" and "data" arguments are
populated with pointers to buffers containing the relevant decoded data. The
caller is responsible for freeing those buffers. It is possible to construct a
PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()
will return a failure code but will populate the header argument with a pointer
to a buffer that has already been freed. If the caller also frees this buffer
then a double free will occur. This will most likely lead to a crash. This
could be exploited by an attacker who has the ability to supply malicious PEM
files for parsing to achieve a denial of service attack.
The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.
These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal
uses of these functions are not vulnerable because the caller does not free the
header argument if PEM_read_bio_ex() returns a failure code. These locations
include the PEM_read_bio_TYPE() functions as well as the decoders introduced in
OpenSSL 3.0.
The OpenSSL asn1parse command line application is also impacted by this issue.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openssl | openssl | * | |
openssl | openssl | * | |
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE0061D6-8F81-45D3-B254-82A94915FD08", "versionEndExcluding": "1.1.1t", "versionStartIncluding": "1.1.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6DC5D88-4E99-48F2-8892-610ACA9B5B86", "versionEndExcluding": "3.0.8", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7794B42-8235-4C75-866F-5D0A405F0989", "versionEndExcluding": "4.3.16", "versionStartIncluding": "4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8A23A5D-928A-4225-9C93-31E5DFE215A7", "versionEndExcluding": "4.6.3", "versionStartIncluding": "4.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\ndecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data.\nIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\npopulated with pointers to buffers containing the relevant decoded data. The\ncaller is responsible for freeing those buffers. It is possible to construct a\nPEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\nwill return a failure code but will populate the header argument with a pointer\nto a buffer that has already been freed. If the caller also frees this buffer\nthen a double free will occur. This will most likely lead to a crash. This\ncould be exploited by an attacker who has the ability to supply malicious PEM\nfiles for parsing to achieve a denial of service attack.\n\nThe functions PEM_read_bio() and PEM_read() are simple wrappers around\nPEM_read_bio_ex() and therefore these functions are also directly affected.\n\nThese functions are also called indirectly by a number of other OpenSSL\nfunctions including PEM_X509_INFO_read_bio_ex() and\nSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\nuses of these functions are not vulnerable because the caller does not free the\nheader argument if PEM_read_bio_ex() returns a failure code. These locations\ninclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\nOpenSSL 3.0.\n\nThe OpenSSL asn1parse command line application is also impacted by this issue.\n\n\n" } ], "id": "CVE-2022-4450", "lastModified": "2024-11-21T07:35:17.197", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-08T20:15:23.973", "references": [ { "source": "openssl-security@openssl.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83" }, { "source": "openssl-security@openssl.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b" }, { "source": "openssl-security@openssl.org", "url": "https://security.gentoo.org/glsa/202402-08" }, { "source": "openssl-security@openssl.org", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202402-08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" } ], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-415" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-25 07:15
Modified
2024-11-21 08:29
Severity ?
Summary
An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://advisories.stormshield.eu | Vendor Advisory | |
cve@mitre.org | https://advisories.stormshield.eu/2023-024/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/2023-024/ | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D293505-FDC0-4B2B-B7D4-8371A9142A0F", "versionEndExcluding": "4.3.23", "versionStartIncluding": "4.3.13", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BA3CFA3-AA12-4347-AE99-91D28021E6F0", "versionEndExcluding": "4.6.10", "versionStartIncluding": "4.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "459D63A0-291E-4B60-94A7-4FDB3A381C61", "versionEndExcluding": "4.7.2", "versionStartIncluding": "4.7.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en Stormshield Network Security (SNS), SNS 4.3.13 a 4.3.22 antes de 4.3.23, SNS 4.6.0 a 4.6.9 antes de 4.6.10 y SNS 4.7.0 a 4.7.1 antes de 4.7.2. . Un atacante puede sobrepasar el umbral de cookies, haciendo imposible una conexi\u00f3n IPsec." } ], "id": "CVE-2023-47091", "lastModified": "2024-11-21T08:29:45.107", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-25T07:15:09.537", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2023-024/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2023-024/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-08-24 12:15
Modified
2024-11-21 06:56
Severity ?
Summary
Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://advisories.stormshield.eu/2022-009/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/2022-009/ | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "0ED3E958-C6DD-4534-84D8-8C9F9220F091", "versionEndExcluding": "3.7.30", "versionStartIncluding": "3.7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3046184-CE10-4A23-9E05-F5173E9BCE5F", "versionEndExcluding": "3.11.18", "versionStartIncluding": "3.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0AF8CBA-E40F-4E62-8024-52D8855A3563", "versionEndExcluding": "4.2.11", "versionStartIncluding": "4.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BE777F7-6AFE-4060-AD7D-6A4E87073094", "versionEndExcluding": "4.3.7", "versionStartIncluding": "4.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS." }, { "lang": "es", "value": "Inundar las versiones 3.7.0 a 3.7.29, 3.11.0 a 3.11.17, 4.2.0 a 4.2.10, y 4.3.0 a 4.3.6 del cortafuegos SNS con tr\u00e1fico forjado espec\u00edfico, puede conducir a un DoS SNS" } ], "id": "CVE-2022-27812", "lastModified": "2024-11-21T06:56:14.287", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-08-24T12:15:08.433", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2022-009/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2022-009/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-01-31 14:15
Modified
2024-11-21 06:00
Severity ?
Summary
Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://advisories.stormshield.eu/ | Vendor Advisory | |
cve@mitre.org | https://advisories.stormshield.eu/2021-007/ | Vendor Advisory | |
cve@mitre.org | https://documentation.stormshield.eu/SNS/v4/en/Content/Release_Notes_SNS/Getting_Started_RNO.htm | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/2021-007/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.stormshield.eu/SNS/v4/en/Content/Release_Notes_SNS/Getting_Started_RNO.htm | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "16197356-0088-4B6B-94D5-1B64802AC302", "versionEndExcluding": "2.7.9", "versionStartIncluding": "2.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "A44D782B-3A9B-45C7-A8C3-0E6159D83B71", "versionEndExcluding": "3.7.21", "versionStartIncluding": "2.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "580720E6-CD62-432E-8B4D-A68DA7459BDB", "versionEndExcluding": "3.11.9", "versionStartIncluding": "3.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "293C9DE4-4CA5-4F14-886E-99A987E2C396", "versionEndExcluding": "4.2.2", "versionStartIncluding": "4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands." }, { "lang": "es", "value": "Stormshield Network Security (SNS) versiones anteriores a 4.2.2, permite que un administrador de s\u00f3lo lectura obtenga privilegios por medio de comandos CLI" } ], "id": "CVE-2021-28962", "lastModified": "2024-11-21T06:00:27.263", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-01-31T14:15:07.610", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2021-007/" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.stormshield.eu/SNS/v4/en/Content/Release_Notes_SNS/Getting_Started_RNO.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2021-007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.stormshield.eu/SNS/v4/en/Content/Release_Notes_SNS/Getting_Started_RNO.htm" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-15 21:15
Modified
2024-11-21 06:49
Severity ?
Summary
In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://advisories.stormshield.eu/2022-003 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/2022-003 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BA930F8-6221-4492-86A4-5B3F8DEF8E3D", "versionEndExcluding": "3.7.25", "versionStartIncluding": "3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE02CCA4-5C58-4165-BB15-178CC80FA567", "versionEndExcluding": "3.11.13", "versionStartIncluding": "3.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "A26B3C9D-67B6-420D-975C-561A9B2F22AE", "versionEndExcluding": "4.2.10", "versionStartIncluding": "4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7A3CBF2-016A-4EBB-B98F-EDFA075DCA81", "versionEndExcluding": "4.3.5", "versionStartIncluding": "4.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service." }, { "lang": "es", "value": "En Stormshield Network Security (SNS) antes de la versi\u00f3n 3.7.25, de la 3.8.x a la 3.11.x antes de la 3.11.13, de la 4.x antes de la 4.2.10 y de la 4.3.x antes de la 4.3.5, una avalancha de conexiones al servicio SSLVPN podr\u00eda provocar la saturaci\u00f3n de la interfaz de loopback. Esto podr\u00eda resultar en el bloqueo de casi todo el tr\u00e1fico de red, haciendo que el firewall sea inalcanzable. Un atacante podr\u00eda explotar esto a trav\u00e9s de un tr\u00e1fico falsificado y debidamente cronometrado para causar una denegaci\u00f3n de servicio" } ], "id": "CVE-2022-23989", "lastModified": "2024-11-21T06:49:36.520", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-15T21:15:09.603", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2022-003" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2022-003" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-08 20:15
Modified
2024-11-21 07:36
Severity ?
Summary
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but
the public structure definition for GENERAL_NAME incorrectly specified the type
of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by
the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an
ASN1_STRING.
When CRL checking is enabled (i.e. the application sets the
X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass
arbitrary pointers to a memcmp call, enabling them to read memory contents or
enact a denial of service. In most cases, the attack requires the attacker to
provide both the certificate chain and CRL, neither of which need to have a
valid signature. If the attacker only controls one of these inputs, the other
input must already contain an X.400 address as a CRL distribution point, which
is uncommon. As such, this vulnerability is most likely to only affect
applications which have implemented their own functionality for retrieving CRLs
over a network.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "70985D55-A574-4151-B451-4D500CBFC29A", "versionEndExcluding": "1.0.2zg", "versionStartIncluding": "1.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE0061D6-8F81-45D3-B254-82A94915FD08", "versionEndExcluding": "1.1.1t", "versionStartIncluding": "1.1.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6DC5D88-4E99-48F2-8892-610ACA9B5B86", "versionEndExcluding": "3.0.8", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "62A933C5-C56E-485C-AD49-3B6A2C329131", "versionEndExcluding": "3.3.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "27B77023-4983-4D33-9824-A120A5ED31BD", "versionEndExcluding": "2.7.11", "versionStartIncluding": "2.7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BD398C8-BC0B-4ED5-B71A-B9C6D8F63659", "versionEndExcluding": "3.7.34", "versionStartIncluding": "2.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "31B59634-B59C-4391-96D3-200A86A6CE3E", "versionEndExcluding": "3.11.22", "versionStartIncluding": "3.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7794B42-8235-4C75-866F-5D0A405F0989", "versionEndExcluding": "4.3.16", "versionStartIncluding": "4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8A23A5D-928A-4225-9C93-31E5DFE215A7", "versionEndExcluding": "4.6.3", "versionStartIncluding": "4.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.\n\n" } ], "id": "CVE-2023-0286", "lastModified": "2024-11-21T07:36:53.843", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-08T20:15:24.267", "references": [ { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt" }, { "source": "openssl-security@openssl.org", "tags": [ "Third Party Advisory" ], "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig" }, { "source": "openssl-security@openssl.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9" }, { "source": "openssl-security@openssl.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658" }, { "source": "openssl-security@openssl.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d" }, { "source": "openssl-security@openssl.org", "url": "https://security.gentoo.org/glsa/202402-08" }, { "source": "openssl-security@openssl.org", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202402-08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" } ], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-843" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-01 08:15
Modified
2024-11-21 07:40
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:
A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | secure_endpoint | * | |
cisco | secure_endpoint | * | |
cisco | secure_endpoint | * | |
cisco | secure_endpoint | * | |
cisco | secure_endpoint_private_cloud | * | |
clamav | clamav | * | |
clamav | clamav | * | |
clamav | clamav | 1.0.0 | |
clamav | clamav | 1.0.0 | |
clamav | clamav | 1.0.0 | |
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*", "matchCriteriaId": "40572314-306A-4594-A279-216B8139B7A0", "versionEndExcluding": "1.20.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*", "matchCriteriaId": "726A787E-E64F-4906-9BAE-4F79EB530F1F", "versionEndExcluding": "1.21.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*", "matchCriteriaId": "C4F63447-CA0E-43FC-8FF1-B4032D21E32A", "versionEndExcluding": "7.5.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*", "matchCriteriaId": "D0FC45E7-C4AB-4AC5-87AB-0ED1508CCFF3", "versionEndExcluding": "8.1.5", "versionStartIncluding": "8.0.1.21160", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "07BFC8FC-6CF0-49DA-B4ED-5B7936A4233E", "versionEndExcluding": "3.6.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "matchCriteriaId": "BDF08008-9C84-4075-8AB7-233209E4F3C0", "versionEndIncluding": "0.103.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "matchCriteriaId": "14FA7424-A3E5-4F46-83F8-E9767330F1CE", "versionEndIncluding": "0.105.1", "versionStartIncluding": "0.104.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:clamav:clamav:1.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "A381BD3C-88E0-41FD-91E6-26BCF78B84CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:clamav:clamav:1.0.0:rc:*:*:*:*:*:*", "matchCriteriaId": "88BE0B1C-4515-40EA-ADDD-A04BF50743DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:clamav:clamav:1.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "FB00FEFE-F8A2-482D-A7EE-002DA4E10FF6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "88CF061E-FFD8-48DE-887F-2119C916E2B4", "versionEndExcluding": "3.7.35", "versionStartIncluding": "3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "F499B698-4EB6-4262-BAF4-9BDE7F114805", "versionEndExcluding": "3.11.23", "versionStartIncluding": "3.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "40519377-ECDC-41E2-B6A6-7F601AC28ACD", "versionEndExcluding": "4.3.17", "versionStartIncluding": "4.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "77BAC9BA-B215-490F-9202-617B1B4E7C8A", "versionEndExcluding": "4.6.4", "versionStartIncluding": "4.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:\r\n\r \r A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r \r This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process." } ], "id": "CVE-2023-20052", "lastModified": "2024-11-21T07:40:26.643", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "ykramarz@cisco.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-03-01T08:15:11.980", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "ykramarz@cisco.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-776" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-10 17:15
Modified
2024-11-21 06:06
Severity ?
Summary
In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://advisories.stormshield.eu/ | Vendor Advisory | |
cve@mitre.org | https://advisories.stormshield.eu/2021-019/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/2021-019/ | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | 1.1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "71D317FF-8D10-4A88-A6A3-18B291CAD50B", "versionEndIncluding": "2.9.0", "versionStartIncluding": "2.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6488F2ED-2EF4-4651-AE2E-2E4783177F66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client." }, { "lang": "es", "value": "En Stormshield versiones 1.1.0, y versiones 2.1.0 hasta 2.9.0, un atacante puede bloquear el acceso de un cliente a la VPN y puede obtener informaci\u00f3n confidencial mediante el cliente SN VPN SSL" } ], "id": "CVE-2021-31814", "lastModified": "2024-11-21T06:06:17.040", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-10T17:15:09.137", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2021-019/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2021-019/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-10 17:15
Modified
2024-11-21 06:15
Severity ?
Summary
Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://advisories.stormshield.eu | Vendor Advisory | |
cve@mitre.org | https://advisories.stormshield.eu/2021-050/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/2021-050/ | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7952485-82AD-4E01-8CF6-933C7A00B9D3", "versionEndIncluding": "1.6.1", "versionStartIncluding": "1.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "296E51A1-0145-4987-8B78-AB6A92E2E969", "versionEndIncluding": "2.7.8", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBAB743F-89C0-4152-A4E7-1633E4492B51", "versionEndIncluding": "2.16.0", "versionStartIncluding": "2.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "85AECDF1-6659-4B65-8761-8C3028EC8479", "versionEndIncluding": "3.7.24", "versionStartIncluding": "3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E212CFE-9D10-4404-8D40-8BB55515CE8D", "versionEndIncluding": "3.11.12", "versionStartExcluding": "3.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "0010EB6C-3A24-49A9-B208-012D271F9453", "versionEndIncluding": "4.2.7", "versionStartExcluding": "4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service." }, { "lang": "es", "value": "Stormshield Network Security (SNS) versiones 1.0.0 hasta 4.2.3, permite una Denegaci\u00f3n de Servicio" } ], "id": "CVE-2021-37613", "lastModified": "2024-11-21T06:15:31.130", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 5.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-10T17:15:09.190", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2021-050/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2021-050/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-12 15:15
Modified
2024-11-21 07:02
Severity ?
Summary
An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://advisories.stormshield.eu/2022-015 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/2022-015 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
stormshield | stormshield_network_security | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2B91285-D421-42DA-BA7B-2DEF9A3958C6", "versionEndExcluding": "4.3.8", "versionStartIncluding": "4.3.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash." }, { "lang": "es", "value": "Se ha detectado un problema en Stormshield Network Security (SNS) versiones 4.3.x anteriores a 4.3.8. El registro de eventos del complemento ASQ sofbus lacbus desencadena una desreferencia de puntero NULL, conllevando a un bloqueo de SNS. Un atacante podr\u00eda explotar esta vulnerabilidad por medio de un tr\u00e1fico sofbus lacbus falsificado para causar un bloqueo del firmware" } ], "id": "CVE-2022-30279", "lastModified": "2024-11-21T07:02:29.373", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-12T15:15:08.847", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2022-015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2022-015" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-11-11 19:15
Modified
2024-11-20 23:42
Severity ?
Summary
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:balasys:dheater:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE3F88FC-F039-433B-9035-88F1691DA082", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:*:*:*", "matchCriteriaId": "70A029CD-2AC4-4877-B1A4-5C72B351BA27", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE73DAA2-9CCA-4BD6-B11A-9326F79D9ABB", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "475E283C-8F3C-4051-B9E8-349845F8C528", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "956AC9F3-2042-4C21-A5E4-D2D4334D2FC3", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "E17DBD3E-F5AC-4A35-81E0-C4804CAD78F9", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "346B71B1-D583-4463-ADF8-BEE700B0CA3A", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2AA25BA-72C5-48A9-BDBC-CA108208011F", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "308B0070-6716-4754-A5E4-C3D70CAB376B", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F26AB06-7FEB-4A56-B722-DBDEEE628DB8", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE48C9C9-6B84-4A4A-963D-6DFE0C2FB312", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "878CD8E6-6B9B-431D-BD15-F954C7B8076F", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D9DB9B9-2959-448E-9B59-C873584A0E11", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AF04191-019B-4BC9-A9A7-7B7AA9B5B7D1", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "F62D754D-A4A1-4093-AB42-9F51C19976CA", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "90084CD6-FA4B-4305-BC65-58237BAF714E", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC9D4626-915F-42E5-81E0-6F8271084773", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7056F1FA-24AC-4D9F-8DDC-B3CA4740BF5E", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_service_proxy:1.6.0:*:*:*:*:kubernetes:*:*", "matchCriteriaId": "BC5AC8C7-92BA-48D4-81A1-F5323DA952A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "E48AC50D-19B3-4E97-ADD2-B661BD891ED7", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "B13C4244-BE15-4F2C-BBBA-35072571B041", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1B4FBF6-C23A-4BD2-ADFB-9617C03B603A", "versionEndIncluding": "17.1.0", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "360D8842-2C55-450F-9AFA-09CA34B12598", "versionEndIncluding": "8.2.0", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-iq_centralized_management:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA0B396A-B5CE-4337-A33A-EF58C4589CB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:f5os-a:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C4A3C86A-CA2F-4AC8-A43E-765829A96147", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:f5os-a:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "03E01235-F9B0-4CCF-AA08-FECF61C62B21", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:f5os-c:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BFAE8EC-9A5F-421D-990D-B6D454DECAEC", "versionEndIncluding": "1.3.2", "versionStartIncluding": "1.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:f5os-c:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC3EDB8D-5C16-49DF-BE48-C83744AD7788", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:f5os-c:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "12FEEABD-9A4A-4A33-9B74-7B053352C47D", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "42836A1C-81BB-4F80-9E32-EEE0DAA18D26", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA4D5EC6-8099-4D0A-AD6F-BA3B37C2EBD8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B3AD582-9909-4FF5-B541-571F18E22356", "versionEndExcluding": "10.06.0180", "versionStartIncluding": "10.06.0000", "vulnerable": true }, { "criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "matchCriteriaId": "21F81EB2-3916-4DC6-9600-B7FD17906B53", "versionEndExcluding": "10.07.0030", "versionStartIncluding": "10.07.0000", "vulnerable": true }, { "criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "matchCriteriaId": "71284AA8-9E0E-4B2F-8464-B49E1D6965B5", "versionEndExcluding": "10.08.0010", "versionStartIncluding": "10.08.0000", "vulnerable": true }, { "criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "matchCriteriaId": "F059E5A9-E613-4BE1-BF61-C477B3441175", "versionEndExcluding": "10.09.0002", "versionStartIncluding": "10.09.0000", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:hpe:aruba_cx_4100i:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7C2B56C-203F-4290-BCE7-8BD751DF9CEF", "vulnerable": false }, { "criteria": "cpe:2.3:h:hpe:aruba_cx_6100:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF1DD310-3D31-4204-92E0-70C33EE44F08", "vulnerable": false }, { "criteria": "cpe:2.3:h:hpe:aruba_cx_6200f:-:*:*:*:*:*:*:*", "matchCriteriaId": "FCD1A83B-109B-4596-AE37-706751E2B57D", "vulnerable": false }, { "criteria": "cpe:2.3:h:hpe:aruba_cx_6200m:-:*:*:*:*:*:*:*", "matchCriteriaId": "1218AAA5-01ED-4D89-A7AE-A600356ABD46", "vulnerable": false }, { "criteria": "cpe:2.3:h:hpe:aruba_cx_6300f:-:*:*:*:*:*:*:*", "matchCriteriaId": "4D6F748F-89E9-45FB-8BE7-2201E5EB2755", "vulnerable": false }, { "criteria": "cpe:2.3:h:hpe:aruba_cx_6300m:-:*:*:*:*:*:*:*", "matchCriteriaId": "8066A871-2683-4F74-9750-E73BF004209F", "vulnerable": false }, { "criteria": "cpe:2.3:h:hpe:aruba_cx_6405:-:*:*:*:*:*:*:*", "matchCriteriaId": "D118A9A6-BBA4-4149-AE0D-1DA2EB45B53F", "vulnerable": false }, { "criteria": "cpe:2.3:h:hpe:aruba_cx_6410:-:*:*:*:*:*:*:*", "matchCriteriaId": "790C5E7A-3405-4873-83E8-4D9C0FEC5E6D", "vulnerable": false }, { "criteria": "cpe:2.3:h:hpe:aruba_cx_8320:-:*:*:*:*:*:*:*", "matchCriteriaId": "10B5F18A-28B0-49B4-8374-C681C2B48D2A", "vulnerable": false }, { "criteria": "cpe:2.3:h:hpe:aruba_cx_8325-32c:-:*:*:*:*:*:*:*", "matchCriteriaId": "59B7E2D3-0B72-4A78-AEFA-F106FAD38156", "vulnerable": false }, { "criteria": "cpe:2.3:h:hpe:aruba_cx_8325-48y8c:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E87A92B-4EE5-4235-A0DA-195F27841DBB", "vulnerable": false }, { "criteria": "cpe:2.3:h:hpe:aruba_cx_8360-12c:-:*:*:*:*:*:*:*", "matchCriteriaId": "6BC24E52-13C0-402F-9ABF-A1DE51719AEF", "vulnerable": false }, { "criteria": "cpe:2.3:h:hpe:aruba_cx_8360-16y2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "76EF979E-061A-42A3-B161-B835E92ED180", "vulnerable": false }, { "criteria": "cpe:2.3:h:hpe:aruba_cx_8360-24xf2c:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE04919C-9289-4FB3-938F-F8BB15EC6A74", "vulnerable": false }, { "criteria": "cpe:2.3:h:hpe:aruba_cx_8360-32y4c:-:*:*:*:*:*:*:*", "matchCriteriaId": "B630C64B-C474-477D-A80B-A0FB73ACCC49", "vulnerable": false }, { "criteria": "cpe:2.3:h:hpe:aruba_cx_8360-48xt4c:-:*:*:*:*:*:*:*", "matchCriteriaId": "53ABE8B8-A4F6-400B-A893-314BE24D06B8", "vulnerable": false }, { "criteria": "cpe:2.3:h:hpe:aruba_cx_8360-48y6c:-:*:*:*:*:*:*:*", "matchCriteriaId": "C44383CC-3751-455E-B1AB-39B16F40DC76", "vulnerable": false }, { "criteria": "cpe:2.3:h:hpe:aruba_cx_8400:-:*:*:*:*:*:*:*", "matchCriteriaId": "B25A9CD2-5E5F-4BDB-8707-5D6941411A2B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "62A933C5-C56E-485C-AD49-3B6A2C329131", "versionEndExcluding": "3.3.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7387F52-013D-432D-87D8-5D3ABD472C9E", "versionEndExcluding": "4.3.16", "versionStartIncluding": "2.7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8A23A5D-928A-4225-9C93-31E5DFE215A7", "versionEndExcluding": "4.6.3", "versionStartIncluding": "4.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE." }, { "lang": "es", "value": "El Protocolo de Acuerdo de Claves Diffie-Hellman permite a atacantes remotos (del lado del cliente) enviar n\u00fameros arbitrarios que en realidad no son claves p\u00fablicas, y desencadenar costosos c\u00e1lculos de exponenciaci\u00f3n modular DHE del lado del servidor, tambi\u00e9n se conoce como un ataque D(HE)ater. El cliente necesita muy pocos recursos de CPU y ancho de banda de red. El ataque puede ser m\u00e1s perturbador en los casos en los que un cliente puede exigir al servidor que seleccione su mayor tama\u00f1o de clave soportado. El escenario b\u00e1sico del ataque es que el cliente debe afirmar que s\u00f3lo puede comunicarse con DHE, y el servidor debe estar configurado para permitir DHE" } ], "id": "CVE-2002-20001", "lastModified": "2024-11-20T23:42:37.617", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-11-11T19:15:07.380", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://dheatattack.com" }, { "source": "cve@mitre.org", "url": "https://dheatattack.gitlab.io/" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://github.com/Balasys/dheater" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://github.com/mozilla/ssl-config-generator/issues/162" }, { "source": "cve@mitre.org", "url": "https://gitlab.com/dheatattack/dheater" }, { "source": "cve@mitre.org", "url": "https://ieeexplore.ieee.org/document/10374117" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.f5.com/csp/article/K83120834" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Technical Description" ], "url": "https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.suse.com/support/kb/doc/?id=000020510" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://dheatattack.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://dheatattack.gitlab.io/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://github.com/Balasys/dheater" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/mozilla/ssl-config-generator/issues/162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gitlab.com/dheatattack/dheater" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://ieeexplore.ieee.org/document/10374117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.f5.com/csp/article/K83120834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Technical Description" ], "url": "https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.suse.com/support/kb/doc/?id=000020510" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-08-25 16:15
Modified
2024-11-21 04:58
Severity ?
Summary
An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://advisories.stormshield.eu/2020-011/ | Vendor Advisory | |
cve@mitre.org | https://twitter.com/_ACKNAK_ | Not Applicable | |
cve@mitre.org | https://www.digitemis.com/category/blog/actualite/ | Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/2020-011/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/_ACKNAK_ | Not Applicable | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.digitemis.com/category/blog/actualite/ | Not Applicable |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "77B7EAEB-CE18-42D3-8D66-F96CC6CDBFEA", "versionEndExcluding": "3.7.13", "versionStartIncluding": "3.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BC1815B-DD6E-4CFB-9C3A-FAE05FD4E07A", "versionEndExcluding": "3.11.0", "versionStartIncluding": "3.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "90E181AB-A89E-4A11-A2AA-5E53C0074B79", "versionEndExcluding": "4.1.1", "versionStartIncluding": "4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim\u0027s browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form." }, { "lang": "es", "value": "Se ha descubierto un problema en Stormshield SNS 3.8.0. El XSS almacenado autenticado en el panel de inicio de sesi\u00f3n del administrador conduce al robo de credenciales SSL VPN. Se puede cargar un archivo de renuncia malicioso desde el panel de administraci\u00f3n. El archivo resultante se muestra en la interfaz de autenticaci\u00f3n del panel de administraci\u00f3n. Es posible inyectar contenido HTML malicioso para ejecutar JavaScript dentro del navegador de la v\u00edctima. Esto resulta en un XSS almacenado en la interfaz de autenticaci\u00f3n del panel de administraci\u00f3n. Adem\u00e1s, hay un formulario de autenticaci\u00f3n no seguro en la interfaz de autenticaci\u00f3n del portal cautivo VPN SSL. Se permite a los usuarios guardar sus credenciales dentro del navegador. Si un administrador guarda sus credenciales a trav\u00e9s de este formulario no seguro, estas credenciales podr\u00edan ser robadas a trav\u00e9s del XSS almacenado en el panel de administraci\u00f3n sin interacci\u00f3n del usuario. Otra posible explotaci\u00f3n ser\u00eda la modificaci\u00f3n del formulario de autenticaci\u00f3n del panel de administraci\u00f3n en un formulario malicioso." } ], "id": "CVE-2020-11711", "lastModified": "2024-11-21T04:58:27.460", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-08-25T16:15:07.857", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2020-011/" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "https://twitter.com/_ACKNAK_" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "https://www.digitemis.com/category/blog/actualite/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2020-011/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "https://twitter.com/_ACKNAK_" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "https://www.digitemis.com/category/blog/actualite/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-03-19 15:15
Modified
2024-11-21 05:58
Severity ?
Summary
The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://advisories.stormshield.eu/2021-003/ | Broken Link, Vendor Advisory | |
cve@mitre.org | https://blog.clamav.net/2021/02/clamav-01031-patch-release.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/2021-003/ | Broken Link, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://blog.clamav.net/2021/02/clamav-01031-patch-release.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
netasq_project | netasq | * | |
stormshield | stormshield_network_security | * | |
clamav | clamav | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netasq_project:netasq:*:*:*:*:*:*:*:*", "matchCriteriaId": "9706560E-DD3E-45D1-895C-5EE59C7DFB3C", "versionEndIncluding": "9.1.11", "versionStartIncluding": "9.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "20C1A2CD-7802-4497-B87D-8D49506B7BCB", "versionEndIncluding": "4.2.0", "versionStartIncluding": "1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "matchCriteriaId": "22A4DD0B-BD39-4BC7-BB23-114AFC9C2FAD", "versionEndIncluding": "0.103.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1." }, { "lang": "es", "value": "El componente ClamAV Engine (versi\u00f3n 0.103.1 e inferior) incrustado en Storsmshield Network Security (SNS) est\u00e1 sujeto a DoS en caso de analizar archivos png malformados. Esto afecta a las versiones 9.1.0 a 9.1.11 de Netasq y a las versiones 1.0.0 a 4.2.0 de SNS. Este problema se ha solucionado en SNS versiones 3.7.19, 3.11.7 y 4.2.1." } ], "id": "CVE-2021-27506", "lastModified": "2024-11-21T05:58:07.733", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-03-19T15:15:12.650", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2021-003/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://blog.clamav.net/2021/02/clamav-01031-patch-release.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2021-003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://blog.clamav.net/2021/02/clamav-01031-patch-release.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-01-27 14:15
Modified
2024-11-21 05:59
Severity ?
Summary
An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://advisories.stormshield.eu/2021-005/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/2021-005/ | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "296E51A1-0145-4987-8B78-AB6A92E2E969", "versionEndIncluding": "2.7.8", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "853771C7-179A-4A4A-BB7D-6F5E9595B4E6", "versionEndIncluding": "3.7.20", "versionStartIncluding": "3.7.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "43B343EB-B378-427B-A9F9-5DFF573B0436", "versionEndIncluding": "3.11.8", "versionStartIncluding": "3.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "804BF818-9B25-41F7-809E-E39DCCE246E7", "versionEndExcluding": "4.2.3", "versionStartIncluding": "4.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections." }, { "lang": "es", "value": "Se ha detectado un problema en Stormshield SNS versiones anteriores a 4.2.3 (cuando es usado el proxy). Un atacante puede saturar la tabla de conexiones del proxy. Esto resultar\u00eda en que el proxy denegara cualquier nueva conexi\u00f3n" } ], "id": "CVE-2021-28096", "lastModified": "2024-11-21T05:59:05.143", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-01-27T14:15:07.847", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2021-005/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2021-005/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-04-13 16:15
Modified
2024-11-21 05:38
Severity ?
Summary
Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0C7F596-D8AF-4FF5-858C-22DE849D3CA4", "versionEndIncluding": "3.7.10", "versionStartIncluding": "3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "94964411-FD8E-4273-8016-76C7F16F6ECC", "versionEndIncluding": "3.10.0", "versionStartIncluding": "3.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7CEBD7C-271D-4571-B7E4-D5E55B89C187", "versionEndIncluding": "4.0.1", "versionStartIncluding": "4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string." }, { "lang": "es", "value": "Los dispositivos Stormshield Network Security versi\u00f3n 310 3.7.10, presentan una vulnerabilidad de Redireccionamiento Abierto de auth/lang.html?rurl= en el portal cautivo. Por ejemplo, el atacante puede usar rurl=//example.com en lugar de rurl=https://example.com en la cadena de consulta." } ], "id": "CVE-2020-8430", "lastModified": "2024-11-21T05:38:50.450", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-04-13T16:15:13.997", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2020-001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.digitemis.com/2020/02/24/digitemis-decouvre-une-vulnerabilite-au-sein-dun-produit-stormshield-cve-2020-8430/" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://www.digitemis.com/category/blog/actualite/" }, { "source": "cve@mitre.org", "tags": [ "Product", "Vendor Advisory" ], "url": "https://www.stormshield.com/products/sn310/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2020-001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.digitemis.com/2020/02/24/digitemis-decouvre-une-vulnerabilite-au-sein-dun-produit-stormshield-cve-2020-8430/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://www.digitemis.com/category/blog/actualite/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Vendor Advisory" ], "url": "https://www.stormshield.com/products/sn310/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-10-06 14:15
Modified
2024-11-21 05:37
Severity ?
Summary
The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).
References
▼ | URL | Tags | |
---|---|---|---|
secteam@freebsd.org | https://sourceforge.net/p/mpd/bugs/70/ | Exploit, Issue Tracking, Third Party Advisory | |
secteam@freebsd.org | https://sourceforge.net/p/mpd/svn/2377/ | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/mpd/bugs/70/ | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/mpd/svn/2377/ | Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mpd_project | mpd | * | |
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | 4.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mpd_project:mpd:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B163FDA-5474-4EAB-8DA3-54F83A4E8319", "versionEndExcluding": "5.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "697F15F6-AED1-4013-A06D-BDF26622B1D1", "versionEndExcluding": "4.3.17", "versionStartIncluding": "4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "5DDEAFC4-01D3-42B0-A9DC-DE19B63F182B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption)." }, { "lang": "es", "value": "La implementaci\u00f3n L2TP de MPD versiones anteriores a 5.9, permite a un atacante remoto que puede enviar un paquete de control L2TP espec\u00edficamente dise\u00f1ado con AVP versi\u00f3n Q.931 Causar Code para ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de la memoria)" } ], "id": "CVE-2020-7465", "lastModified": "2024-11-21T05:37:11.953", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-06T14:15:13.167", "references": [ { "source": "secteam@freebsd.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://sourceforge.net/p/mpd/bugs/70/" }, { "source": "secteam@freebsd.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/mpd/svn/2377/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://sourceforge.net/p/mpd/bugs/70/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://sourceforge.net/p/mpd/svn/2377/" } ], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "secteam@freebsd.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-08-28 12:15
Modified
2024-11-21 07:50
Severity ?
Summary
ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a crafted SIP packet.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://advisories.stormshield.eu/2023-007/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/2023-007/ | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | 4.3.15 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF87CF3B-17D9-4B12-86FD-DD1633177BA9", "versionEndExcluding": "4.6.3", "versionStartIncluding": "4.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:4.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "D2E690AD-A6BB-49A0-B21E-25138E49548D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a crafted SIP packet." } ], "id": "CVE-2023-26095", "lastModified": "2024-11-21T07:50:45.833", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-08-28T12:15:08.940", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2023-007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2023-007/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2021-03-02 18:15
Modified
2024-11-21 06:21
Severity ?
Summary
A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://advisories.stormshield.eu/2020-049/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/2020-049/ | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "1963DE20-CE8C-4776-B355-541A682B32A4", "versionEndExcluding": "2.7.8", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBAB743F-89C0-4152-A4E7-1633E4492B51", "versionEndIncluding": "2.16.0", "versionStartIncluding": "2.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7C6C367-2B85-4F65-8E36-E9F791DE3256", "versionEndIncluding": "3.7.17", "versionStartIncluding": "3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B359EE3-CFBF-4F12-9E07-FCBCEB41CAB8", "versionEndIncluding": "3.11.5", "versionStartIncluding": "3.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "268FCC1D-500C-4F39-B688-96130AA60D16", "versionEndExcluding": "4.1.5", "versionStartIncluding": "4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0." }, { "lang": "es", "value": "Una vulnerabilidad en Stormshield Network Security, podr\u00eda permitir a un atacante desencadenar una protecci\u00f3n relacionada a una administraci\u00f3n de tablas ARP/NDP, lo que impedir\u00eda temporalmente al sistema comunicarse con nuevos hosts por medio de IPv4 o IPv6.\u0026#xa0;Esto afecta a versiones 2.0.0 hasta 2.7.7, versiones 2.8.0 hasta 2.16.0, versiones 3.0.0 hasta 3.7.16, versiones 3.8.0 hasta 3.11.4 y versiones 4.0.0 hasta 4.1.5.\u0026#xa0;Corregido en versiones 2.7.8, 3.7.17, 3.11.5 y 4.2.0" } ], "id": "CVE-2021-3384", "lastModified": "2024-11-21T06:21:23.687", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-03-02T18:15:15.977", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2020-049/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2020-049/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-26 04:15
Modified
2024-11-21 07:55
Severity ?
Summary
An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://advisories.stormshield.eu/2023-006 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/2023-006 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | * | |
stormshield | stormshield_network_security | 4.7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "77BB677B-09F8-4CB6-A65B-D596EF7598EC", "versionEndExcluding": "4.3.17", "versionStartIncluding": "2.7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "77BAC9BA-B215-490F-9202-617B1B4E7C8A", "versionEndExcluding": "4.6.4", "versionStartIncluding": "4.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "41064506-1A8B-462B-B0CC-935467EB80CA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en Stormshield Network Security (SNS) anterior a 4.3.17, 4.4.x a 4.6.x anterior a 4.6.4 y 4.7.x anterior a 4.7.1. Afecta a las cuentas de usuario cuya contrase\u00f1a tiene un signo igual o un espacio. El proceso serverd registra dichas contrase\u00f1as en texto plano y potencialmente env\u00eda estos registros al componente Syslog." } ], "id": "CVE-2023-28616", "lastModified": "2024-11-21T07:55:40.477", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-26T04:15:07.790", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2023-006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://advisories.stormshield.eu/2023-006" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-319" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }