Vulnerabilities for Network security (...) - CXSECURITY.COM

Vulnerabilities for 'Network security'

2022-05-12

CVE-2022-30279

CWE-476

An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash.

2022-01-31

CVE-2021-31617

CWE-119

In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution.

CVE-2021-28962

CWE-77

Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.

2021-05-06

CVE-2021-28665

CWE-400

Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service.

2021-03-19

CVE-2021-27506

NVD-CWE-noinfo

The ClamAV Engine (Version 0.103.1 and below) embedded in Storsmshield Network Security (1.0 to 4.1.5) is subject to DoS in case of parsing of malformed png files.

2021-03-02

CVE-2021-3384

NVD-CWE-noinfo

A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0.

>>> Vendor: Stormshield 3 Products

Endpoint security

Stormshield network security

Network security

Copyright 2024, cxsecurity.com