cvelistv5 - cve-2021-45885

CVE-2021-45885 (GCVE-0-2021-45885)

Vulnerability from cvelistv5 – Published: 2021-12-29 16:02 – Updated: 2024-08-04 04:54

Summary

An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://advisories.stormshield.eu	x_refsource_MISC
	https://advisories.stormshield.eu/2021-069/	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:54:31.234Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://advisories.stormshield.eu"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://advisories.stormshield.eu/2021-069/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-29T16:02:03",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://advisories.stormshield.eu"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://advisories.stormshield.eu/2021-069/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-45885",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://advisories.stormshield.eu",
              "refsource": "MISC",
              "url": "https://advisories.stormshield.eu"
            },
            {
              "name": "https://advisories.stormshield.eu/2021-069/",
              "refsource": "CONFIRM",
              "url": "https://advisories.stormshield.eu/2021-069/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-45885",
    "datePublished": "2021-12-29T16:02:03",
    "dateReserved": "2021-12-27T00:00:00",
    "dateUpdated": "2024-08-04T04:54:31.234Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:stormshield:network_security:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.2.2\", \"versionEndExcluding\": \"4.2.8\", \"matchCriteriaId\": \"99B2E9AE-EFE9-4B28-B16A-F66AE9463CED\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password.\"}, {\"lang\": \"es\", \"value\": \"Se ha detectado un problema en Stormshield Network Security (SNS) versiones 4.2.2 a 4.2.7 (corregido en versi\\u00f3n 4.2.8). En un escenario espec\\u00edfico de actualizaci\\u00f3n-migraci\\u00f3n, el primer cambio de contrase\\u00f1a SSH no borra correctamente la contrase\\u00f1a antigua\"}]",
      "id": "CVE-2021-45885",
      "lastModified": "2024-11-21T06:33:11.620",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-12-29T17:15:07.580",
      "references": "[{\"url\": \"https://advisories.stormshield.eu\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://advisories.stormshield.eu/2021-069/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://advisories.stormshield.eu\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://advisories.stormshield.eu/2021-069/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-613\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-45885\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-12-29T17:15:07.580\",\"lastModified\":\"2024-11-21T06:33:11.620\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado un problema en Stormshield Network Security (SNS) versiones 4.2.2 a 4.2.7 (corregido en versi\u00f3n 4.2.8). En un escenario espec\u00edfico de actualizaci\u00f3n-migraci\u00f3n, el primer cambio de contrase\u00f1a SSH no borra correctamente la contrase\u00f1a antigua\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-613\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:stormshield:network_security:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2.2\",\"versionEndExcluding\":\"4.2.8\",\"matchCriteriaId\":\"99B2E9AE-EFE9-4B28-B16A-F66AE9463CED\"}]}]}],\"references\":[{\"url\":\"https://advisories.stormshield.eu\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://advisories.stormshield.eu/2021-069/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://advisories.stormshield.eu\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://advisories.stormshield.eu/2021-069/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2021-45885

Vulnerability from fkie_nvd - Published: 2021-12-29 17:15 - Updated: 2024-11-21 06:33

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cve@mitre.org	https://advisories.stormshield.eu	Vendor Advisory
cve@mitre.org	https://advisories.stormshield.eu/2021-069/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://advisories.stormshield.eu	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://advisories.stormshield.eu/2021-069/	Vendor Advisory

Impacted products

	Vendor	Product	Version
	stormshield	network_security	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:stormshield:network_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99B2E9AE-EFE9-4B28-B16A-F66AE9463CED",
              "versionEndExcluding": "4.2.8",
              "versionStartIncluding": "4.2.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Stormshield Network Security (SNS) versiones 4.2.2 a 4.2.7 (corregido en versi\u00f3n 4.2.8). En un escenario espec\u00edfico de actualizaci\u00f3n-migraci\u00f3n, el primer cambio de contrase\u00f1a SSH no borra correctamente la contrase\u00f1a antigua"
    }
  ],
  "id": "CVE-2021-45885",
  "lastModified": "2024-11-21T06:33:11.620",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-29T17:15:07.580",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://advisories.stormshield.eu"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://advisories.stormshield.eu/2021-069/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://advisories.stormshield.eu"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://advisories.stormshield.eu/2021-069/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-JG98-XFVF-7PVV

Vulnerability from github – Published: 2021-12-30 00:00 – Updated: 2022-01-12 00:02

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-45885"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-613"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-29T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password.",
  "id": "GHSA-jg98-xfvf-7pvv",
  "modified": "2022-01-12T00:02:13Z",
  "published": "2021-12-30T00:00:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45885"
    },
    {
      "type": "WEB",
      "url": "https://advisories.stormshield.eu"
    },
    {
      "type": "WEB",
      "url": "https://advisories.stormshield.eu/2021-069"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2021-AVI-985

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Stormshield	Stormshield Network Security	Stormshield Network Security versions antérieures à 4.2.8

References

Title

Publication Time

Tags

Bulletin de sécurité Stormshield 2021-069 du 29 décembre 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Stormshield Network Security versions ant\u00e9rieures \u00e0 4.2.8",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-45885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45885"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-985",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-12-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security.\nElle permet \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-069 du 29 d\u00e9cembre 2021",
      "url": "https://advisories.stormshield.eu/2021-069/"
    }
  ]
}

CERTFR-2021-AVI-985

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Stormshield	Stormshield Network Security	Stormshield Network Security versions antérieures à 4.2.8

References

Title

Publication Time

Tags

Bulletin de sécurité Stormshield 2021-069 du 29 décembre 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Stormshield Network Security versions ant\u00e9rieures \u00e0 4.2.8",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-45885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45885"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-985",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-12-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security.\nElle permet \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-069 du 29 d\u00e9cembre 2021",
      "url": "https://advisories.stormshield.eu/2021-069/"
    }
  ]
}

GSD-2021-45885

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-45885

Aliases

CVE-2021-45885

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-45885",
    "description": "An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password.",
    "id": "GSD-2021-45885"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-45885"
      ],
      "details": "An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password.",
      "id": "GSD-2021-45885",
      "modified": "2023-12-13T01:23:19.716608Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2021-45885",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://advisories.stormshield.eu",
            "refsource": "MISC",
            "url": "https://advisories.stormshield.eu"
          },
          {
            "name": "https://advisories.stormshield.eu/2021-069/",
            "refsource": "CONFIRM",
            "url": "https://advisories.stormshield.eu/2021-069/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:stormshield:network_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.2.8",
                "versionStartIncluding": "4.2.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-45885"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-613"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://advisories.stormshield.eu/2021-069/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://advisories.stormshield.eu/2021-069/"
            },
            {
              "name": "https://advisories.stormshield.eu",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://advisories.stormshield.eu"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-01-11T15:24Z",
      "publishedDate": "2021-12-29T17:15Z"
    }
  }
}

CNVD-2022-09775

Vulnerability from cnvd - Published: 2022-02-11

Title

Stormshield Network Security代码问题漏洞

Description

Stormshield Network Security是法国Stormshield公司的一款下一代UTM（统一威胁管理）防火墙。 Stormshield Network Security (SNS) 存在代码问题漏洞，该漏洞源于在特定的更新迁移场景下，第一次SSH密码更改无法正确清除旧密码。目前没有详细漏洞细节提供。

Severity

中

Patch Name

Stormshield Network Security代码问题漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://advisories.stormshield.eu/2021-069/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-45885

Impacted products

Name
Stormshield Network Security >=4.2.2，<=4.2.7

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-45885"
    }
  },
  "description": "Stormshield Network Security\u662f\u6cd5\u56fdStormshield\u516c\u53f8\u7684\u4e00\u6b3e\u4e0b\u4e00\u4ee3UTM\uff08\u7edf\u4e00\u5a01\u80c1\u7ba1\u7406\uff09\u9632\u706b\u5899\u3002\n\nStormshield Network Security (SNS) \u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u7279\u5b9a\u7684\u66f4\u65b0\u8fc1\u79fb\u573a\u666f\u4e0b\uff0c\u7b2c\u4e00\u6b21SSH\u5bc6\u7801\u66f4\u6539\u65e0\u6cd5\u6b63\u786e\u6e05\u9664\u65e7\u5bc6\u7801\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://advisories.stormshield.eu/2021-069/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-09775",
  "openTime": "2022-02-11",
  "patchDescription": "Stormshield Network Security\u662f\u6cd5\u56fdStormshield\u516c\u53f8\u7684\u4e00\u6b3e\u4e0b\u4e00\u4ee3UTM\uff08\u7edf\u4e00\u5a01\u80c1\u7ba1\u7406\uff09\u9632\u706b\u5899\u3002\r\n\r\nStormshield Network Security (SNS) \u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u7279\u5b9a\u7684\u66f4\u65b0\u8fc1\u79fb\u573a\u666f\u4e0b\uff0c\u7b2c\u4e00\u6b21SSH\u5bc6\u7801\u66f4\u6539\u65e0\u6cd5\u6b63\u786e\u6e05\u9664\u65e7\u5bc6\u7801\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Stormshield Network Security\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Stormshield Network Security \u003e=4.2.2\uff0c\u003c=4.2.7"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-45885",
  "serverity": "\u4e2d",
  "submitTime": "2021-12-30",
  "title": "Stormshield Network Security\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-45885 (GCVE-0-2021-45885)

FKIE_CVE-2021-45885

GHSA-JG98-XFVF-7PVV

CERTFR-2021-AVI-985

Solution

CERTFR-2021-AVI-985

Solution

GSD-2021-45885

CNVD-2022-09775

Tags

Sightings

Nomenclature