CVE-2023-41166

An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://advisories.stormshield.eu/2023-027	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:stormshield:stormshield_network_security::::::::
	cpe:2.3:a:stormshield:stormshield_network_security::::::::
	cpe:2.3:a:stormshield:stormshield_network_security::::::::
	cpe:2.3:a:stormshield:stormshield_network_security::::::::
	cpe:2.3:a:stormshield:stormshield_network_security::::::::

History

29 Dec 2023, 16:54

Type	Values Removed	Values Added
First Time		Stormshield stormshield Network Security Stormshield
References	~~() https://advisories.stormshield.eu/2023-027 -~~	() https://advisories.stormshield.eu/2023-027 - Vendor Advisory
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:stormshield:stormshield_network_security::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3

21 Dec 2023, 02:24

Type	Values Removed	Values Added
Summary		(es) Se descubrió un problema en Stormshield Network Security (SNS) 3.7.0 a 3.7.39, 3.11.0 a 3.11.27, 4.3.0 a 4.3.22, 4.6.0 a 4.6.9 y 4.7.0 a 4.7. 1. Es posible saber si existe una cuenta de usuario específica en el firewall SNS mediante comandos de acceso remoto.

21 Dec 2023, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-21 00:15

Updated : 2023-12-29 16:54

NVD link : CVE-2023-41166

Mitre link : CVE-2023-41166

CVE.ORG link : CVE-2023-41166

JSON object : View

Products Affected

stormshield

stormshield_network_security

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-41166", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-12-21T00:15:25.537", "references": [{"url": "https://advisories.stormshield.eu/2023-027", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Stormshield Network Security (SNS) 3.7.0 a 3.7.39, 3.11.0 a 3.11.27, 4.3.0 a 4.3.22, 4.6.0 a 4.6.9 y 4.7.0 a 4.7. 1. Es posible saber si existe una cuenta de usuario espec\u00edfica en el firewall SNS mediante comandos de acceso remoto."}], "lastModified": "2023-12-29T16:54:30.753", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB422D52-AE0B-40A5-915F-48151CBDCE1F", "versionEndIncluding": "3.7.39", "versionStartIncluding": "3.7.0"}, {"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B3D0710-791E-4F52-829B-344E75D31BF2", "versionEndIncluding": "3.11.27", "versionStartIncluding": "3.11.0"}, {"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C62D71E6-BBA8-40F9-BE99-E18A512E0936", "versionEndExcluding": "4.3.23", "versionStartIncluding": "4.3.0"}, {"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BA3CFA3-AA12-4347-AE99-91D28021E6F0", "versionEndExcluding": "4.6.10", "versionStartIncluding": "4.6.0"}, {"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "459D63A0-291E-4B60-94A7-4FDB3A381C61", "versionEndExcluding": "4.7.2", "versionStartIncluding": "4.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}