PT-2023-24733 · Stormshield · Stormshield Network Security
Published
2023-12-25
·
Updated
2025-02-14
·
CVE-2023-34198
CVSS v3.1
7.3
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Stormshield Network Security (SNS) versions 1.0.0 through 3.7.36
Stormshield Network Security (SNS) versions 3.8.0 through 3.11.24
Stormshield Network Security (SNS) versions 4.0.0 through 4.3.18
Stormshield Network Security (SNS) versions 4.4.0 through 4.6.5
Stormshield Network Security (SNS) version 4.7.0
Description
The usage of a Network object created from an inactive DHCP interface in the filtering slot results in the usage of an object of the
:any type, which may have unexpected results for access control.Recommendations
For versions 1.0.0 through 3.7.36, update to version 3.7.37 or later.
For versions 3.8.0 through 3.11.24, update to version 3.11.25 or later.
For versions 4.0.0 through 4.3.18, update to version 4.3.19 or later.
For versions 4.4.0 through 4.6.5, update to version 4.6.6 or later.
For version 4.7.0, update to version 4.7.1 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Stormshield Network Security