CVE-2023-41166

Name of the Vulnerable Software and Affected Versions Stormshield Network Security (SNS) versions 3.7.0 through 3.7.39 Stormshield Network Security (SNS) versions 3.11.0 through 3.11.27 Stormshield Network Security (SNS) versions 4.3.0 through 4.3.22 Stormshield Network Security (SNS) versions 4.6.0 through 4.6.9 Stormshield Network Security (SNS) versions 4.7.0 through 4.7.1

Description An issue was discovered in Stormshield Network Security (SNS) that allows determining if a specific user account exists on the SNS firewall by using remote access commands.

Recommendations For versions 3.7.0 through 3.7.39, update to a version outside of this range to mitigate the risk. For versions 3.11.0 through 3.11.27, update to a version outside of this range to mitigate the risk. For versions 4.3.0 through 4.3.22, update to a version outside of this range to mitigate the risk. For versions 4.6.0 through 4.6.9, update to a version outside of this range to mitigate the risk. For versions 4.7.0 through 4.7.1, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting remote access commands until a patch is available.