CVE-2023-28616

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

A

n issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component.

References

Link	Resource
https://advisories.stormshield.eu/2023-006	Vendor Advisory
https://advisories.stormshield.eu/2023-006	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:stormshield:stormshield_network_security::::::::
	cpe:2.3:a:stormshield:stormshield_network_security::::::::
	cpe:2.3:a:stormshield:stormshield_network_security:4.7.0:::::::*

History

21 Nov 2024, 07:55

Type	Values Removed	Values Added
References	~~() https://advisories.stormshield.eu/2023-006 - Vendor Advisory~~	() https://advisories.stormshield.eu/2023-006 - Vendor Advisory

20 Aug 2024, 14:58

Type	Values Removed	Values Added
CPE	cpe:2.3:a:stormshield:network_security:::::::: cpe:2.3:a:stormshield:network_security:4.7.0:::::::*	cpe:2.3:a:stormshield:stormshield_network_security:::::::: cpe:2.3:a:stormshield:stormshield_network_security:4.7.0:::::::*
First Time		Stormshield stormshield Network Security

Information

Published : 2023-12-26 04:15

Updated : 2024-11-21 07:55

NVD link : CVE-2023-28616

Mitre link : CVE-2023-28616

CVE.ORG link : CVE-2023-28616

JSON object : View

Products Affected

stormshield

stormshield_network_security

CWE

CWE-319

Cleartext Transmission of Sensitive Information

{"id": "CVE-2023-28616", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-26T04:15:07.790", "references": [{"url": "https://advisories.stormshield.eu/2023-006", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://advisories.stormshield.eu/2023-006", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Stormshield Network Security (SNS) anterior a 4.3.17, 4.4.x a 4.6.x anterior a 4.6.4 y 4.7.x anterior a 4.7.1. Afecta a las cuentas de usuario cuya contrase\u00f1a tiene un signo igual o un espacio. El proceso serverd registra dichas contrase\u00f1as en texto plano y potencialmente env\u00eda estos registros al componente Syslog."}], "lastModified": "2024-11-21T07:55:40.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77BB677B-09F8-4CB6-A65B-D596EF7598EC", "versionEndExcluding": "4.3.17", "versionStartIncluding": "2.7.0"}, {"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77BAC9BA-B215-490F-9202-617B1B4E7C8A", "versionEndExcluding": "4.6.4", "versionStartIncluding": "4.4.0"}, {"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:4.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41064506-1A8B-462B-B0CC-935467EB80CA"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}