Stormshield: >> Stormshield Network Security >> 3.11.0 Security Vulnerabilities
In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-03-15
Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service.
CVSS Score
6.5
EPSS Score
0.0
Published
2022-02-10
Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component.
CVSS Score
5.8
EPSS Score
0.003
Published
2022-02-10
In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution.
CVSS Score
9.8
EPSS Score
0.03
Published
2022-01-31
Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.
CVSS Score
7.2
EPSS Score
0.008
Published
2022-01-31
An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections.
CVSS Score
5.3
EPSS Score
0.004
Published
2022-01-27
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
CVSS Score
7.5
EPSS Score
0.04
Published
2021-11-11
An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-07-01
Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service.
CVSS Score
7.5
EPSS Score
0.005
Published
2021-05-06
The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.
CVSS Score
5.5
EPSS Score
0.002
Published
2021-03-19