CVE-2023-34198

EPSS 0.29%
Published 29.02.2024 01:39:48
Last modified 14.02.2025 15:51:57
Source cve@mitre.org
Teams watchlist Login
Open Login

In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 before 3.11.25, 4.0.0 through 4.3.18 before 4.3.19, 4.4.0 through 4.6.5 before 4.6.6, and 4.7.0 before 4.7.1, the usage of a Network object created from an inactive DHCP interface in the filtering slot results in the usage of an object of the :any" type, which may have unexpected results for access control.

Affected products Warnungen 0 Metrics 2 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Stormshield ≫ Stormshield Network Security Version >= 1.0.0 < 3.7.37

Stormshield ≫ Stormshield Network Security Version >= 3.8.0 < 3.11.25

Stormshield ≫ Stormshield Network Security Version >= 4.0.0 < 4.3.19

Stormshield ≫ Stormshield Network Security Version >= 4.4.0 < 4.6.6

Stormshield ≫ Stormshield Network Security Version4.7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.29%	0.517

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

https://advisories.stormshield.eu/2023-019

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-34198

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-34198

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-34198

EUVD