HIGH🇵🇱 Wersja polska

CVE-2023-34198

CVSS 7.3v3.1pub. 2024-02-29upd. 2025-02-14

In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 before 3.11.25, 4.0.0 through 4.3.18 before 4.3.19, 4.4.0 through 4.6.5 before 4.6.6, and 4.7.0 before 4.7.1, the usage of a Network object created from an inactive DHCP interface in the filtering slot results in the usage of an object of the :any" type, which may have unexpected results for access control.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  • Stormshield Network Security

    APP
    Stormshield
    4.7.01.0.0 – 3.7.37 (bez)3.8.0 – 3.11.25 (bez)4.0.0 – 4.3.19 (bez)4.4.0 – 4.6.6 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-20032CRITICAL9.8ten sam produkt

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerabilit...

CVE-2022-37434CRITICAL9.8ten sam produkt

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large g...

CVE-2021-31617CRITICAL9.8ten sam produkt

In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, ...

CVE-2020-7465CRITICAL9.8ten sam produkt

The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP cont...

CVE-2025-48707HIGH7.5ten sam produkt

An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. TPM authentication information cou...