4.3
CVE-2026-8480
- EPSS 0.09%
- Veröffentlicht 01.07.2026 14:52:12
- Zuletzt bearbeitet 01.07.2026 19:59:44
- Quelle cert@airbus.com
- CVE-Watchlists
- Unerledigt
Connection possible to the Administration portal with a revoked certificate
A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included) A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerStormshield
≫
Produkt
Stormshield Network Security
Default Statusunknown
Version <=
4.3.41
Version
4.3.0
Status
affected
Version <=
4.8.15
Version
4.4.0
Status
affected
Version <=
5.0.5
Version
5.0.2 EA
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.005 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cert@airbus.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
https://advisories.stormshield.eu/2026-002/