CVE Vulnerabilities

CVE-2023-34198

Published: Feb 29, 2024 | Modified: Feb 14, 2025
CVSS 3.x
7.3
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 before 3.11.25, 4.0.0 through 4.3.18 before 4.3.19, 4.4.0 through 4.6.5 before 4.6.6, and 4.7.0 before 4.7.1, the usage of a Network object created from an inactive DHCP interface in the filtering slot results in the usage of an object of the :any type, which may have unexpected results for access control.

Affected Software

Name Vendor Start Version End Version
Stormshield_network_security Stormshield 1.0.0 (including) 3.7.37 (excluding)
Stormshield_network_security Stormshield 3.8.0 (including) 3.11.25 (excluding)
Stormshield_network_security Stormshield 4.0.0 (including) 4.3.19 (excluding)
Stormshield_network_security Stormshield 4.4.0 (including) 4.6.6 (excluding)
Stormshield_network_security Stormshield 4.7.0 (including) 4.7.0 (including)

References