Shodan
Vulnerabilities
Vulnerable Software
Stormshield:  >> Stormshield Network Security  >> 3.0.3  Security Vulnerabilities
CVE-2021-28962
Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.
CVSS Score
7.2
EPSS Score
0.008
Published
2022-01-31
CVE-2002-20001
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
CVSS Score
7.5
EPSS Score
0.04
Published
2021-11-11
CVE-2021-28127
An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-07-01
CVE-2021-27506
The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.
CVSS Score
5.5
EPSS Score
0.002
Published
2021-03-19
CVE-2021-3384
A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0.
CVSS Score
5.3
EPSS Score
0.004
Published
2021-03-02
CVE-2020-8430
Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-04-13
CVE-2018-20850
Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.
CVSS Score
8.2
EPSS Score
0.001
Published
2019-07-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved