PT-2022-10040 · Stormshield · Stormshield Network Security

Published: 2022-01-31 · Updated: 2024-08-20 · CVE-2021-31617

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

- Stormshield Network Security (SNS) versions 1.0.0 through 2.7.8
- Stormshield Network Security (SNS) versions 2.8.0 through 2.16.0
- Stormshield Network Security (SNS) versions 3.0.0 through 3.7.20
- Stormshield Network Security (SNS) versions 3.8.0 through 3.11.8
- Stormshield Network Security (SNS) versions 4.0.1 through 4.2.2

Description

The issue is related to mishandling of memory management in ASQ, which can lead to remote code execution.

Recommendations

- For versions 1.0.0 through 2.7.8, update to a version outside of this range to mitigate the risk.
- For versions 2.8.0 through 2.16.0, update to a version outside of this range to mitigate the risk.
- For versions 3.0.0 through 3.7.20, update to a version outside of this range to mitigate the risk.
- For versions 3.8.0 through 3.11.8, update to a version outside of this range to mitigate the risk.
- For versions 4.0.1 through 4.2.2, update to a version outside of this range to mitigate the risk.

As a temporary workaround, consider restricting access to the ASQ component until a patch is available.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers: CVE-2021-31617

Affected Products: Stormshield Network Security