PT-2022-20042 · Stormshield · Stormshield Network Security
Published
2022-05-12
·
Updated
2024-08-20
·
CVE-2022-30279
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Stormshield Network Security (SNS) versions 4.3.x through 4.3.7
Description
An issue was discovered in the event logging of the ASQ sofbus lacbus plugin, which triggers the dereferencing of a NULL pointer, leading to a crash of the system. An attacker could exploit this via forged sofbus lacbus traffic to cause a firmware crash.
Recommendations
For Stormshield Network Security (SNS) versions 4.3.x through 4.3.7, update to version 4.3.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the ASQ sofbus lacbus plugin to minimize the risk of exploitation.
Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Stormshield Network Security