StormshieldCVEs & Vulnerabilities

59 CVEs affecting Stormshield products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

stormshield network security 42endpoint security 16stormshield management center 8network security 3ssl vpn client 3sslvpn 1
CVE-2021-31221MEDIUM

SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed.

13 Jul 2021
5.7
CVSS
CVE-2021-31220MEDIUM

SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies.

13 Jul 2021
5.2
CVSS
CVE-2021-31225HIGH

SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed.

13 Jul 2021
7.3
CVSS
CVE-2021-28127HIGH

An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur.

1 Jul 2021
7.5
CVSS
CVE-2021-28665HIGH

Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service.

6 May 2021
7.5
CVSS
CVE-2021-27506MEDIUM

The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.

19 Mar 2021
5.5
CVSS
CVE-2021-3384MEDIUM

A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0.

2 Mar 2021
5.3
CVSS
CVE-2020-7466HIGH

The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition.

6 Oct 2020
7.5
CVSS
CVE-2020-7465CRITICAL

The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).

6 Oct 2020
9.8
CVSS
CVE-2020-8430MEDIUM

Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string.

13 Apr 2020
6.1
CVSS
CVE-2018-20850HIGH

Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.

4 Jul 2019
8.2
CVSS
← PrevPage 2 / 2Next →