Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
stormshield stormshield network security vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-47093
An issue exists in Stormshield Network Security (SNS) 4.0.0 up to and including 4.3.21, 4.4.0 up to and including 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine.
Stormshield Stormshield Network Security 4.7.0
Stormshield Stormshield Network Security
6.1
CVSSv3
CVE-2021-31814
In Stormshield 1.1.0, and 2.1.0 up to and including 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client.
Stormshield Stormshield Network Security
Stormshield Stormshield Network Security 1.1.0
7.5
CVSSv3
CVE-2021-28127
An issue exists in Stormshield SNS up to and including 4.2.1. A brute-force attack can occur.
Stormshield Stormshield Network Security
Stormshield Stormshield Network Security 4.2.1
9.8
CVSSv3
CVE-2020-7465
The L2TP implementation of MPD prior to 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).
Mpd Project Mpd
Stormshield Stormshield Network Security
Stormshield Stormshield Network Security 4.4.0
7.5
CVSSv3
CVE-2020-7466
The PPP implementation of MPD prior to 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition.
Mpd Project Mpd
Stormshield Stormshield Network Security
Stormshield Stormshield Network Security 4.4.0
5.9
CVSSv3
CVE-2022-4304
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of ...
Openssl Openssl
Stormshield Stormshield Network Security
Stormshield Endpoint Security
Stormshield Sslvpn
1 Github repository
7.5
CVSSv3
CVE-2023-26095
ASQ in Stormshield Network Security (SNS) 4.3.15 prior to 4.3.16 and 4.6.x prior to 4.6.3 allows a crash when analysing a crafted SIP packet.
Stormshield Network Security
Stormshield Network Security 4.3.15
7.5
CVSSv3
CVE-2023-28616
An issue exists in Stormshield Network Security (SNS) prior to 4.3.17, 4.4.x up to and including 4.6.x prior to 4.6.4, and 4.7.x prior to 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in clear...
Stormshield Network Security 4.7.0
Stormshield Network Security
7.4
CVSSv3
CVE-2023-0286
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This ...
Openssl Openssl
Stormshield Stormshield Network Security
Stormshield Stormshield Management Center
4 Github repositories
4.8
CVSSv3
CVE-2020-11711
An issue exists in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It i...
Stormshield Stormshield Network Security
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »