4.3
CVE-2026-8482
- EPSS 0.21%
- Veröffentlicht 02.07.2026 08:42:56
- Zuletzt bearbeitet 02.07.2026 17:42:54
- Quelle cert@airbus.com
- CVE-Watchlists
- Unerledigt
Information leak in NSRPC client history
A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included) , 5.0.0 to 5.0.5 (included) There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the firewall (if SSH multiuser mode is enabled) could possibly get the proxy CA passphrase or TPM password.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerStormshield
≫
Produkt
Stormshield Network Security
Default Statusunknown
Version <=
4.3.41
Version
4.3.0
Status
affected
Version <=
4.8.15
Version
4.8.0
Status
affected
Version <=
5.0.5
Version
5.0.0
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.115 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cert@airbus.com | 4.3 | 0.7 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
|
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.
https://advisories.stormshield.eu/2025-007/