CVE-2023-41165

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

A

n issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a login disclaimer with malicious JavaScript elements that can result in data theft.

References

Link	Resource
https://advisories.stormshield.eu/2023-020/	Vendor Advisory
https://advisories.stormshield.eu/2023-020/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:stormshield:stormshield_network_security::::::::
	cpe:2.3:a:stormshield:stormshield_network_security::::::::
	cpe:2.3:a:stormshield:stormshield_network_security::::::::
	cpe:2.3:a:stormshield:stormshield_network_security::::::::

History

14 Feb 2025, 15:52

Type	Values Removed	Values Added
First Time		Stormshield Stormshield stormshield Network Security
CWE		CWE-79
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.8
CPE		cpe:2.3:a:stormshield:stormshield_network_security::::::::
References	~~() https://advisories.stormshield.eu/2023-020/ -~~	() https://advisories.stormshield.eu/2023-020/ - Vendor Advisory

21 Nov 2024, 08:20

Type	Values Removed	Values Added
References	~~() https://advisories.stormshield.eu/2023-020/ -~~	() https://advisories.stormshield.eu/2023-020/ -

Information

Published : 2024-02-29 01:40

Updated : 2025-02-14 15:52

NVD link : CVE-2023-41165

Mitre link : CVE-2023-41165

CVE.ORG link : CVE-2023-41165

JSON object : View

Products Affected

stormshield

stormshield_network_security

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2023-41165", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2024-02-29T01:40:58.383", "references": [{"url": "https://advisories.stormshield.eu/2023-020/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://advisories.stormshield.eu/2023-020/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a login disclaimer with malicious JavaScript elements that can result in data theft."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Stormshield Network Security (SNS) 3.7.0 hasta 3.7.38 antes de 3.7.39, 3.10.0 hasta 3.11.26 antes de 3.11.27, 4.0 hasta 4.3.21 antes de 4.3.22 y 4.4.0 hasta 4.6.8 antes de 4.6.9. Un administrador con acceso de escritura al firewall SNS puede configurar un descargo de responsabilidad de inicio de sesi\u00f3n con elementos JavaScript maliciosos que pueden resultar en el robo de datos."}], "lastModified": "2025-02-14T15:52:28.190", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3686BA2-0A05-47ED-AC59-D7D308B88756", "versionEndExcluding": "3.7.39", "versionStartIncluding": "3.7.0"}, {"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "153F3201-A135-4E7F-A020-F2071094D67D", "versionEndExcluding": "3.11.27", "versionStartIncluding": "3.10.0"}, {"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08FE8DAD-7467-42A3-9519-AE2D9A523497", "versionEndExcluding": "4.3.22", "versionStartIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "134FC4FC-E0A0-4AD2-85D8-ED8536FD9F13", "versionEndExcluding": "4.6.9", "versionStartIncluding": "4.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}