4.3

CVE-2026-8482

Information leak in NSRPC client history

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included) , 5.0.0 to 5.0.5 (included)

There is a possible leak of secret information if administration commands have been passed with the CLI command line tool.

Someone with SSH access to the firewall (if SSH multiuser mode is enabled) could possibly get the proxy CA passphrase or TPM password.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerStormshield
Produkt Stormshield Network Security
Default Statusunknown
Version <= 4.3.41
Version 4.3.0
Status affected
Version <= 4.8.15
Version 4.8.0
Status affected
Version <= 5.0.5
Version 5.0.0
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.115
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cert@airbus.com 4.3 0.7 3.6
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.