Refine your search
37 vulnerabilities found for Stormshield Network Security by Stormshield
CERTFR-2025-AVI-0816
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans StormShield Network Security. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | StormShield Network Security versions 4.7.x et 4.8.x antérieures à 4.8.12 | ||
| Stormshield | Stormshield Network Security | StormShield Network Security versions 5.0.x antérieures à 5.0.1 | ||
| Stormshield | Stormshield Network Security | StormShield Network Security versions 4.3.x antérieures à 4.3.40 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "StormShield Network Security versions 4.7.x et 4.8.x ant\u00e9rieures \u00e0 4.8.12",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "StormShield Network Security versions 5.0.x ant\u00e9rieures \u00e0 5.0.1",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "StormShield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.40",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-48707",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48707"
}
],
"initial_release_date": "2025-09-25T00:00:00",
"last_revision_date": "2025-09-25T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0816",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans StormShield Network Security. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Vuln\u00e9rabilit\u00e9 dans StormShield Network Security",
"vendor_advisories": [
{
"published_at": "2025-09-24",
"title": "Bulletin de s\u00e9curit\u00e9 StormShield 2025-003",
"url": "https://advisories.stormshield.eu/2025-003/"
}
]
}
CERTFR-2025-AVI-0488
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.3.x antérieures à 4.3.37 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions antérieures à 5.0.0 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.7.x et 4.8.x antérieures à 4.8.9 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.37",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions ant\u00e9rieures \u00e0 5.0.0",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.7.x et 4.8.x ant\u00e9rieures \u00e0 4.8.9",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-44078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44078"
}
],
"initial_release_date": "2025-06-11T00:00:00",
"last_revision_date": "2025-06-11T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0488",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
"vendor_advisories": [
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-029",
"url": "https://advisories.stormshield.eu/2024-029/"
}
]
}
CERTFR-2025-AVI-0250
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans StormShield Network Security. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | IPMI SN6100 versions antérieures à 1.86 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IPMI SN6100 versions ant\u00e9rieures \u00e0 1.86",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-26733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26733"
},
{
"name": "CVE-2021-26730",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26730"
},
{
"name": "CVE-2021-26731",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26731"
},
{
"name": "CVE-2021-26732",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26732"
},
{
"name": "CVE-2021-26729",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26729"
},
{
"name": "CVE-2021-44776",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44776"
},
{
"name": "CVE-2021-26728",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26728"
},
{
"name": "CVE-2021-44467",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44467"
},
{
"name": "CVE-2021-26727",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26727"
}
],
"initial_release_date": "2025-03-28T00:00:00",
"last_revision_date": "2025-03-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0250",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans StormShield Network Security. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans StormShield Network Security",
"vendor_advisories": [
{
"published_at": "2025-03-27",
"title": "Bulletin de s\u00e9curit\u00e9 StormShield 2023-033",
"url": "https://advisories.stormshield.eu/2023-033"
}
]
}
CERTFR-2025-AVI-0249
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans StormShield Network Security. Elle permet à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | StormShield Network Security versions 4.3.x antérieures à 4.3.35 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "StormShield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.35",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-27829",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27829"
}
],
"initial_release_date": "2025-03-27T00:00:00",
"last_revision_date": "2025-03-27T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0249",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans StormShield Network Security. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans StormShield Network Security",
"vendor_advisories": [
{
"published_at": "2025-03-27",
"title": "Bulletin de s\u00e9curit\u00e9 StormShield 2025-002",
"url": "https://advisories.stormshield.eu/2025-002/"
}
]
}
CERTFR-2024-AVI-0985
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Stormshield Network Security. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.8.x antérieures à 4.8.4 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions antérieures à 4.3.32 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 4.8.x ant\u00e9rieures \u00e0 4.8.4",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions ant\u00e9rieures \u00e0 4.3.32",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-44077",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44077"
},
{
"name": "CVE-2024-20505",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20505"
}
],
"initial_release_date": "2024-11-14T00:00:00",
"last_revision_date": "2024-11-14T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0985",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield Network Security. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Network Security",
"vendor_advisories": [
{
"published_at": "2024-11-13",
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2024-028",
"url": "https://advisories.stormshield.eu/2024-028/"
},
{
"published_at": "2024-11-13",
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2024-034",
"url": "https://advisories.stormshield.eu/2024-034"
}
]
}
CERTFR-2024-AVI-0804
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Stormshield. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.4.x à 4.7.x antérieures à 4.7.9 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions antérieures à 4.3.30 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.8.x antérieures à 4.8.3 | ||
| Stormshield | Stormshield Network VPN Client | Stormshield VPN Client Exclusive sans le correctif de sécurité EC VULN IS 1986 | ||
| Stormshield | Stormshield Network VPN Client | Stormshield VPN Client Standard sans le correctif de sécurité VULN EC IS 1992 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 4.4.x \u00e0 4.7.x ant\u00e9rieures \u00e0 4.7.9",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions ant\u00e9rieures \u00e0 4.3.30",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.8.x ant\u00e9rieures \u00e0 4.8.3",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield VPN Client Exclusive sans le correctif de s\u00e9curit\u00e9 EC VULN IS 1986",
"product": {
"name": "Stormshield Network VPN Client",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield VPN Client Standard sans le correctif de s\u00e9curit\u00e9 VULN EC IS 1992",
"product": {
"name": "Stormshield Network VPN Client",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-39706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39706"
},
{
"name": "CVE-2024-45750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45750"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
}
],
"initial_release_date": "2024-09-25T00:00:00",
"last_revision_date": "2024-09-25T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0804",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Stormshield. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Network Security",
"vendor_advisories": [
{
"published_at": "2024-09-24",
"title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-030",
"url": "https://advisories.stormshield.eu/2024-030/"
},
{
"published_at": "2024-09-25",
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2024-031",
"url": "https://advisories.stormshield.eu/2024-031/"
},
{
"published_at": "2024-09-24",
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2024-024",
"url": "https://advisories.stormshield.eu/2024-024/"
}
]
}
CERTFR-2024-AVI-0586
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Stormshield. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.7.x antérieures à 3.7.42 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.x antérieures à 4.3.27 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions ultérieures à 4.4.0 et antérieures à 4.7.6 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.1x.x antérieures à 3.11.30 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.8.x antérieures à 4.8.1 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 3.7.x ant\u00e9rieures \u00e0 3.7.42",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.x ant\u00e9rieures \u00e0 4.3.27",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions ult\u00e9rieures \u00e0 4.4.0 et ant\u00e9rieures \u00e0 4.7.6",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.1x.x ant\u00e9rieures \u00e0 3.11.30",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.8.x ant\u00e9rieures \u00e0 4.8.1",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-31946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31946"
},
{
"name": "CVE-2024-37386",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37386"
},
{
"name": "CVE-2022-47522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47522"
}
],
"initial_release_date": "2024-07-16T00:00:00",
"last_revision_date": "2024-08-21T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0586",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-16T00:00:00.000000"
},
{
"description": "Suppression de la CVE-2024-3094 non applicable",
"revision_date": "2024-08-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Stormshield. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Stormshield",
"vendor_advisories": [
{
"published_at": "2024-05-28",
"title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-017",
"url": "https://advisories.stormshield.eu/2024-017/"
},
{
"published_at": "2024-04-10",
"title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-007",
"url": "https://advisories.stormshield.eu/2024-007"
},
{
"published_at": "2024-05-28",
"title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-018",
"url": "https://advisories.stormshield.eu/2024-018/"
}
]
}
CERTFR-2024-AVI-0309
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.3.x antérieures à 4.3.25 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.11.0 à 3.11.27 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.6.0 à 4.6.10 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.7.0 à 3.7.39 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.7.x antérieures à 4.7.5 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.25",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.11.0 \u00e0 3.11.27",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.6.0 \u00e0 4.6.10",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.7.0 \u00e0 3.7.39",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.7.x ant\u00e9rieures \u00e0 4.7.5",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-20813",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-20813"
}
],
"initial_release_date": "2024-04-16T00:00:00",
"last_revision_date": "2024-04-16T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2024-005 du 13 f\u00e9vrier 2024",
"url": "https://advisories.stormshield.eu/2024-005/"
}
],
"reference": "CERTFR-2024-AVI-0309",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security.\nElle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2024-005 du 10 avril 2024",
"url": null
}
]
}
CERTFR-2024-AVI-0308
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.3.x antérieures à 4.3.25 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.11.x antérieures à 3.11.29 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.7.x antérieures à 3.7.41 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.7.x antérieures à 4.7.5 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.25",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.11.x ant\u00e9rieures \u00e0 3.11.29",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.7.x ant\u00e9rieures \u00e0 3.7.41",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.7.x ant\u00e9rieures \u00e0 4.7.5",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
}
],
"initial_release_date": "2024-04-15T00:00:00",
"last_revision_date": "2024-04-15T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0308",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security.\nElle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2024-011 du 10 avril 2024",
"url": "https://advisories.stormshield.eu/2024-011/"
}
]
}
CERTFR-2024-AVI-0214
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Stormshield Network Security. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | SN520 versions 4.3.x antérieures à 4.3.24 | ||
| Stormshield | Stormshield Network Security | SN-S-Series versions 4.x antérieures à 4.7.3 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SN520 versions 4.3.x ant\u00e9rieures \u00e0 4.3.24",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "SN-S-Series versions 4.x ant\u00e9rieures \u00e0 4.7.3",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-28746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
},
{
"name": "CVE-2023-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32282"
}
],
"initial_release_date": "2024-03-13T00:00:00",
"last_revision_date": "2024-03-13T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield\u00a0STORM-2024-004 du 13 mars 2024",
"url": "https://advisories.stormshield.eu/2024-004/"
}
],
"reference": "CERTFR-2024-AVI-0214",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield Network\nSecurity. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Stormshield Network Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2024-004 du 13 mars 2024",
"url": null
}
]
}
CERTFR-2024-AVI-0138
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.x.x antérieures à 4.3.23 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.11.x antérieures à 3.11.28 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions antérieures à 3.7.40 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.x.x postérieures à 4.4.x et antérieures à 4.6.11 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.7.x antérieures à 4.7.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 4.x.x ant\u00e9rieures \u00e0 4.3.23",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.11.x ant\u00e9rieures \u00e0 3.11.28",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions ant\u00e9rieures \u00e0 3.7.40",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.x.x post\u00e9rieures \u00e0 4.4.x et ant\u00e9rieures \u00e0 4.6.11",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.7.x ant\u00e9rieures \u00e0 4.7.2",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-44453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44453"
}
],
"initial_release_date": "2024-02-15T00:00:00",
"last_revision_date": "2024-02-15T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0138",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security.\nElle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-023 du 15 d\u00e9cembre 2023",
"url": "https://advisories.stormshield.eu/2023-023/"
}
]
}
CERTFR-2024-AVI-0001
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans StormShield Stormshield Network Security. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Un correctif sera bientôt fourni pour toutes les versions encore en maintenance.
Contournement provisoire
Se référer au bulletin de sécurité de l'éditeur pour les mesures de contournement (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security toutes versions |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security toutes versions",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nUn correctif sera bient\u00f4t fourni pour toutes les versions encore en\nmaintenance.\n\n## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour les mesures de\ncontournement (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
}
],
"initial_release_date": "2024-01-02T00:00:00",
"last_revision_date": "2024-01-03T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0001",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-02T00:00:00.000000"
},
{
"description": "Retrait des identifiants CVE-2023-46447, CVE-2023-51384 et CVE-2023-51385",
"revision_date": "2024-01-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans StormShield Stormshield Network\nSecurity. Elle permet \u00e0 un attaquant de provoquer un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans StormShield Network Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-035 du 29 d\u00e9cembre 2023",
"url": "https://advisories.stormshield.eu/2023-035/"
}
]
}
CERTFR-2023-AVI-1058
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.4.x à 4.6.x antérieures à 4.6. | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 2.7.x à 4.3.x antérieures à 4.3.17 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.7.x antérieures à 4.7.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 4.4.x \u00e0 4.6.x ant\u00e9rieures \u00e0 4.6.",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 2.7.x \u00e0 4.3.x ant\u00e9rieures \u00e0 4.3.17",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.7.x ant\u00e9rieures \u00e0 4.7.1",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-28616",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28616"
}
],
"initial_release_date": "2023-12-26T00:00:00",
"last_revision_date": "2023-12-26T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-1058",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security.\nElle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2023-006 du 22 d\u00e9cembre 2023",
"url": "https://advisories.stormshield.eu/2023-006/"
}
]
}
CERTFR-2023-AVI-1039
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Stormshield Network Security. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.x.x antérieures à 4.3.23 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.11.x antérieures à 3.11.28 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.7.x antérieures à 4.7.2 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.6.x antérieures à 4.6.10 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.7.x antérieures à 3.7.40 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 4.x.x ant\u00e9rieures \u00e0 4.3.23",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.11.x ant\u00e9rieures \u00e0 3.11.28",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.7.x ant\u00e9rieures \u00e0 4.7.2",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.6.x ant\u00e9rieures \u00e0 4.6.10",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.7.x ant\u00e9rieures \u00e0 3.7.40",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-47091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47091"
},
{
"name": "CVE-2023-41166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41166"
},
{
"name": "CVE-2023-20197",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20197"
},
{
"name": "CVE-2023-47093",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47093"
}
],
"initial_release_date": "2023-12-18T00:00:00",
"last_revision_date": "2023-12-18T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-1039",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield Network\nSecurity. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Network Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-024 du 15 d\u00e9cembre 2023",
"url": "https://advisories.stormshield.eu/2023-024/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-027 du 15 d\u00e9cembre 2023",
"url": "https://advisories.stormshield.eu/2023-027/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-031 du 15 d\u00e9cembre 2023",
"url": "https://advisories.stormshield.eu/2023-031/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-032 du 15 d\u00e9cembre 2023",
"url": "https://advisories.stormshield.eu/2023-032/"
}
]
}
CERTFR-2023-AVI-0471
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.0.x à 4.3.x antérieures à 4.3.19 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.4.x à 4.7.x antérieures à 4.7.1 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.8.x à 3.11.x antérieures à 3.11.25 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions antérieures à 3.7.37 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 4.0.x \u00e0 4.3.x ant\u00e9rieures \u00e0 4.3.19",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.4.x \u00e0 4.7.x ant\u00e9rieures \u00e0 4.7.1",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.8.x \u00e0 3.11.x ant\u00e9rieures \u00e0 3.11.25",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions ant\u00e9rieures \u00e0 3.7.37",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-34198",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34198"
}
],
"initial_release_date": "2023-06-16T00:00:00",
"last_revision_date": "2023-06-16T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0471",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security.\nElle permet \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2023-019 du 16 juin 2023",
"url": "https://advisories.stormshield.eu/2023-019/"
}
]
}
CERTFR-2023-AVI-0430
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Stormshield Network Security. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.4.x antérieures à 4.5.0 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.0.0 à 4.3.16 antérieures à 4.3.17 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 4.4.x ant\u00e9rieures \u00e0 4.5.0",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.0.0 \u00e0 4.3.16 ant\u00e9rieures \u00e0 4.3.17",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-7466",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7466"
},
{
"name": "CVE-2020-7465",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7465"
}
],
"initial_release_date": "2023-06-02T00:00:00",
"last_revision_date": "2023-06-02T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0430",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield\nNetwork Security. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Network Security",
"vendor_advisories": [
{
"published_at": "2023-04-11",
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-017",
"url": "https://advisories.stormshield.eu/2023-017/"
}
]
}
CERTFR-2023-AVI-0299
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans StormShield Network Security. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | StormShield Network Security versions 4.3.x antérieures à 4.3.17 | ||
| Stormshield | Stormshield Network Security | StormShield Network Security versions 3.x antérieures à 3.7.35 | ||
| Stormshield | Stormshield Network Security | StormShield Network Security versions 4.4.x à 4.6.x antérieures à 4.6.4 | ||
| Stormshield | Stormshield Network Security | StormShield Network Security versions 3.8.x à 3.11.x antérieures à 3.11.23 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "StormShield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.17",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "StormShield Network Security versions 3.x ant\u00e9rieures \u00e0 3.7.35",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "StormShield Network Security versions 4.4.x \u00e0 4.6.x ant\u00e9rieures \u00e0 4.6.4",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "StormShield Network Security versions 3.8.x \u00e0 3.11.x ant\u00e9rieures \u00e0 3.11.23",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-20052",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20052"
},
{
"name": "CVE-2023-20032",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20032"
}
],
"initial_release_date": "2023-04-12T00:00:00",
"last_revision_date": "2023-04-12T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0299",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eStormShield Network Security\u003c/span\u003e. Elles permettent \u00e0\nun attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s StormShield Network Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-013 du 11 avril 2023",
"url": "https://advisories.stormshield.eu/2023-013/"
}
]
}
CERTFR-2023-AVI-0153
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Stormshield Network Security. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.11.x antérieures à 3.11.22 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 2.7.x antérieures à 2.7.11 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.x antérieures à 4.3.16 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.4.x, 4.5.x et 4.6.x antérieures à 4.6.3 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 2.8.x à 3.7.x antérieures à 3.7.34 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 3.11.x ant\u00e9rieures \u00e0 3.11.22",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 2.7.x ant\u00e9rieures \u00e0 2.7.11",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.x ant\u00e9rieures \u00e0 4.3.16",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.4.x, 4.5.x et 4.6.x ant\u00e9rieures \u00e0 4.6.3",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 2.8.x \u00e0 3.7.x ant\u00e9rieures \u00e0 3.7.34",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2023-26095",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26095"
}
],
"initial_release_date": "2023-02-21T00:00:00",
"last_revision_date": "2023-02-21T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 StormShield\u00a0STORM-2023-007 du 21 f\u00e9vrier 2023",
"url": "https://advisories.stormshield.eu/2023-007/"
}
],
"reference": "CERTFR-2023-AVI-0153",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Stormshield Network\nSecurity. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Network Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2022-027 du 21 f\u00e9vrier 2023",
"url": "https://advisories.stormshield.eu/2022-027/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-010 du 21 f\u00e9vrier 2023",
"url": "https://advisories.stormshield.eu/2023-010/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-008 du 21 f\u00e9vrier 2023",
"url": "https://advisories.stormshield.eu/2023-008/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-009 du 21 f\u00e9vrier 2023",
"url": "https://advisories.stormshield.eu/2023-009/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-007 du 21 f\u00e9vrier 2023",
"url": null
}
]
}
CERTFR-2022-AVI-1041
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Stormshield. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.3.x antérieures à 4.3.11 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.7.x antérieures à 3.7.32 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.11.x antérieures à 3.11.20 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.5.x antérieures à 4.5.3 | ||
| Stormshield | Stormshield Management Center | Stormshield Management Center versions antérieures à 3.3.2 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.11",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.7.x ant\u00e9rieures \u00e0 3.7.32",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.11.x ant\u00e9rieures \u00e0 3.11.20",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.5.x ant\u00e9rieures \u00e0 4.5.3",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Management Center versions ant\u00e9rieures \u00e0 3.3.2",
"product": {
"name": "Stormshield Management Center",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-32213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
},
{
"name": "CVE-2022-0696",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0696"
},
{
"name": "CVE-2022-35256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
},
{
"name": "CVE-2022-0554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0554"
},
{
"name": "CVE-2022-0572",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0572"
},
{
"name": "CVE-2022-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0714"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2022-0629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0629"
},
{
"name": "CVE-2022-0729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0729"
},
{
"name": "CVE-2022-32215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2022-0685",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0685"
}
],
"initial_release_date": "2022-11-21T00:00:00",
"last_revision_date": "2022-11-21T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1041",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nStormshield. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Stormshield",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-006 du 17 novembre 2022",
"url": "https://advisories.stormshield.eu/2022-006/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-026 du 18 novembre 2022",
"url": "https://advisories.stormshield.eu/2022-026/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-024 du 28 septembre 2022",
"url": "https://advisories.stormshield.eu/2022-024/"
}
]
}
CERTFR-2022-AVI-682
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans StormShield Network Security. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | StormShield Network Security versions 3.11.x antérieures à 3.11.18 | ||
| Stormshield | Stormshield Network Security | StormShield Network Security versions 4.4.x à 4.5.x antérieures à 4.5.2 | ||
| Stormshield | Stormshield Network Security | StormShield Network Security versions 4.3.x antérieures à 4.3.10 | ||
| Stormshield | Stormshield Network Security | StormShield Network Security versions 4.2.x antérieures à 4.2.14 | ||
| Stormshield | Stormshield Network Security | StormShield Network Security versions 2.7.x à 3.7.x antérieures à 3.7.30 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "StormShield Network Security versions 3.11.x ant\u00e9rieures \u00e0 3.11.18",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "StormShield Network Security versions 4.4.x \u00e0 4.5.x ant\u00e9rieures \u00e0 4.5.2",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "StormShield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.10",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "StormShield Network Security versions 4.2.x ant\u00e9rieures \u00e0 4.2.14",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "StormShield Network Security versions 2.7.x \u00e0 3.7.x ant\u00e9rieures \u00e0 3.7.30",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-27812",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27812"
},
{
"name": "CVE-2022-20803",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20803"
},
{
"name": "CVE-2022-20792",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20792"
},
{
"name": "CVE-2022-20770",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20770"
},
{
"name": "CVE-2022-20785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20785"
},
{
"name": "CVE-2022-20796",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20796"
},
{
"name": "CVE-2022-20771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20771"
}
],
"initial_release_date": "2022-07-27T00:00:00",
"last_revision_date": "2022-07-27T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 StormShield\u00a02022-009 du 06 avril 2022",
"url": "https://advisories.stormshield.eu/2022-009/"
}
],
"reference": "CERTFR-2022-AVI-682",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans StormShield Network\nSecurity. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans StormShield Network Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield 2022-009 du 06 avril 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield 2022-017 du 26 juillet 2022",
"url": "https://advisories.stormshield.eu/2022-017/"
}
]
}
CERTFR-2022-AVI-457
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.3.x antérieures à 4.3.8 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.8",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-30279",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30279"
}
],
"initial_release_date": "2022-05-12T00:00:00",
"last_revision_date": "2022-05-12T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-457",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security.\nElle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-015 du 12 mai 2022",
"url": "https://advisories.stormshield.eu/2022-015/"
}
]
}
CERTFR-2022-AVI-330
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Stormshield Network Security. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 2.7.x antérieures à 2.7.10 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.7.x antérieures à 3.7.27 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.3.x antérieures à 4.3.7 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.11.x antérieures à 3.11.15 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.2.x antérieures à 4.2.11 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 2.7.x ant\u00e9rieures \u00e0 2.7.10",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.7.x ant\u00e9rieures \u00e0 3.7.27",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.7",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.11.x ant\u00e9rieures \u00e0 3.11.15",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.2.x ant\u00e9rieures \u00e0 4.2.11",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-0261",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0261"
},
{
"name": "CVE-2022-0158",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0158"
},
{
"name": "CVE-2021-3968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3968"
},
{
"name": "CVE-2021-4019",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4019"
},
{
"name": "CVE-2021-4192",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4192"
},
{
"name": "CVE-2022-0393",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0393"
},
{
"name": "CVE-2022-0408",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0408"
},
{
"name": "CVE-2021-4173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
},
{
"name": "CVE-2021-4136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
},
{
"name": "CVE-2022-0156",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0156"
},
{
"name": "CVE-2021-3928",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3928"
},
{
"name": "CVE-2022-0417",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0417"
},
{
"name": "CVE-2022-0368",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0368"
},
{
"name": "CVE-2021-4166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
},
{
"name": "CVE-2022-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0128"
},
{
"name": "CVE-2022-0443",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0443"
},
{
"name": "CVE-2022-0319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0319"
},
{
"name": "CVE-2021-3984",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3984"
},
{
"name": "CVE-2022-0213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
},
{
"name": "CVE-2021-4193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4193"
},
{
"name": "CVE-2022-0413",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0413"
},
{
"name": "CVE-2022-20698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20698"
},
{
"name": "CVE-2021-3974",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3974"
},
{
"name": "CVE-2022-0392",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0392"
},
{
"name": "CVE-2022-0359",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0359"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-0351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
},
{
"name": "CVE-2022-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0361"
},
{
"name": "CVE-2021-4069",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4069"
},
{
"name": "CVE-2022-0318",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0318"
},
{
"name": "CVE-2021-4187",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
},
{
"name": "CVE-2021-3927",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3927"
},
{
"name": "CVE-2022-0407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0407"
}
],
"initial_release_date": "2022-04-13T00:00:00",
"last_revision_date": "2022-04-13T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-330",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield Network\nSecurity. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Network Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-008 du 06 avril 2022",
"url": "https://advisories.stormshield.eu/2022-008/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-004 du 06 avril 2022",
"url": "https://advisories.stormshield.eu/2022-004/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-005 du 06 avril 2022",
"url": "https://advisories.stormshield.eu/2022-005/"
}
]
}
CERTFR-2022-AVI-135
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Stormshield Network Security. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.8.x à 3.11.x antérieures à 3.11.13 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 2.1.x à 3.7.x antérieures à 3.7.25 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 3.8.x \u00e0 3.11.x ant\u00e9rieures \u00e0 3.11.13",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 2.1.x \u00e0 3.7.x ant\u00e9rieures \u00e0 3.7.25",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3398",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3398"
},
{
"name": "CVE-2021-31814",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31814"
}
],
"initial_release_date": "2022-02-10T00:00:00",
"last_revision_date": "2022-02-10T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-135",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-02-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield Network\nSecurity. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Network Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-001 du 09 f\u00e9vrier 2022",
"url": "https://advisories.stormshield.eu/2021-001/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-019 du 09 f\u00e9vrier 2022",
"url": "https://advisories.stormshield.eu/2021-019/"
}
]
}
CERTFR-2021-AVI-985
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions antérieures à 4.2.8 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions ant\u00e9rieures \u00e0 4.2.8",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45885",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45885"
}
],
"initial_release_date": "2021-12-30T00:00:00",
"last_revision_date": "2021-12-30T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-985",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security.\nElle permet \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-069 du 29 d\u00e9cembre 2021",
"url": "https://advisories.stormshield.eu/2021-069/"
}
]
}
CERTFR-2021-AVI-928
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Stormshield. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.x antérieures à 3.7.23 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 2.x antérieures à 2.7.9 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.8.x antérieures à 3.11.11 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.x antérieures à 4.2.7 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 3.x ant\u00e9rieures \u00e0 3.7.23",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 2.x ant\u00e9rieures \u00e0 2.7.9",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.8.x ant\u00e9rieures \u00e0 3.11.11",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.x ant\u00e9rieures \u00e0 4.2.7",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-41991",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41991"
},
{
"name": "CVE-2021-3872",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3872"
},
{
"name": "CVE-2021-3778",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3778"
},
{
"name": "CVE-2021-3875",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3875"
},
{
"name": "CVE-2021-3796",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3796"
}
],
"initial_release_date": "2021-12-08T00:00:00",
"last_revision_date": "2021-12-20T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-928",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-08T00:00:00.000000"
},
{
"description": "Ajout de liens \u00e9diteurs",
"revision_date": "2021-12-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nStormshield. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Stormshield",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-064 du 8 d\u00e9cembre 2021",
"url": "https://advisories.stormshield.eu/2021-064/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-065 du 8 d\u00e9cembre 2021",
"url": "https://advisories.stormshield.eu/2021-065/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-062 du 8 d\u00e9cembre 2021",
"url": "https://advisories.stormshield.eu/2021-062/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-063 du 8 d\u00e9cembre 2021",
"url": "https://advisories.stormshield.eu/2021-063/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-061 du 8 d\u00e9cembre 2021",
"url": "https://advisories.stormshield.eu/2021-061/"
}
]
}
CERTFR-2021-AVI-760
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.2.x antérieures à 4.2.5 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 4.2.x ant\u00e9rieures \u00e0 4.2.5",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
}
],
"initial_release_date": "2021-10-07T00:00:00",
"last_revision_date": "2021-10-07T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-760",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security.\nElle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-054 du 06 octobre 2021",
"url": "https://advisories.stormshield.eu/2021-054/"
}
]
}
CERTFR-2021-AVI-659
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer un déni de service, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security version 4.2.2 corrigée par la version 4.2.4 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security version 4.2.2 corrig\u00e9e par la version 4.2.4",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2021-08-26T00:00:00",
"last_revision_date": "2021-08-26T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-659",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-08-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security.\nElle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service, une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-035 du 25 ao\u00fbt 2021",
"url": "https://advisories.stormshield.eu/2021-035/"
}
]
}
CERTFR-2021-AVI-415
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Stormshield. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.2.1 antérieures à 4.2.2 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.x.x antérieures à 3.7.20 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.1.5 antérieures à 4.1.6 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.8.x antérieures à 3.11.8 | ||
| Stormshield | N/A | Netasq versions 9.1.0 et 9.1.11 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 4.2.1 ant\u00e9rieures \u00e0 4.2.2",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.x.x ant\u00e9rieures \u00e0 3.7.20",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.1.5 ant\u00e9rieures \u00e0 4.1.6",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.8.x ant\u00e9rieures \u00e0 3.11.8",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Netasq versions 9.1.0 et 9.1.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-1405",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1405"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2021-1404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1404"
}
],
"initial_release_date": "2021-05-28T00:00:00",
"last_revision_date": "2021-05-28T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-415",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-05-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nStormshield. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Stormshield",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2021-033 du 27 mai 2021",
"url": "https://advisories.stormshield.eu/2021-033/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2021-017 du 27 mai 2021",
"url": "https://advisories.stormshield.eu/2021-017/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2021-009 du 27 mai 2021",
"url": "https://advisories.stormshield.eu/2021-009/"
}
]
}
CERTFR-2021-AVI-341
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Stormshield. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 2.0.0 à 2.7.9 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security version 4.2.1 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.0.0 à 3.7.19 antérieures à 3.7.20 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.0.0 à 4.1.5 antérieures à 4.1.6 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security SSOAgent versions 3.x antérieures à 3.0.1 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.8.0 à 3.11.7 antérieures à 3.11.8 | ||
| Stormshield | N/A | Netasq version 9.1.10 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 2.8.0 à 2.16.0 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 2.0.0 \u00e0 2.7.9",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security version 4.2.1",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.0.0 \u00e0 3.7.19 ant\u00e9rieures \u00e0 3.7.20",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.0.0 \u00e0 4.1.5 ant\u00e9rieures \u00e0 4.1.6",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security SSOAgent versions 3.x ant\u00e9rieures \u00e0 3.0.1",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.8.0 \u00e0 3.11.7 ant\u00e9rieures \u00e0 3.11.8",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Netasq version 9.1.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 2.8.0 \u00e0 2.16.0",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-36230",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36230"
},
{
"name": "CVE-2020-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36221"
},
{
"name": "CVE-2020-36225",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36225"
},
{
"name": "CVE-2020-36224",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36224"
},
{
"name": "CVE-2020-36228",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36228"
},
{
"name": "CVE-2020-36227",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36227"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2020-36223",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36223"
},
{
"name": "CVE-2021-28665",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28665"
},
{
"name": "CVE-2020-36229",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36229"
},
{
"name": "CVE-2020-36226",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36226"
},
{
"name": "CVE-2020-36222",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36222"
}
],
"initial_release_date": "2021-05-05T00:00:00",
"last_revision_date": "2021-06-11T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-341",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-05-05T00:00:00.000000"
},
{
"description": "coorection des identifiants de CVE",
"revision_date": "2021-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nStormshield. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s les produits Stormshield",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-014 du 5 mai 2021",
"url": "https://advisories.stormshield.eu/2021-014/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-018 du 5 mai 2021",
"url": "https://advisories.stormshield.eu/2021-018/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-010 du 5 mai 2021",
"url": "https://advisories.stormshield.eu/2021-010/"
}
]
}
CERTFR-2021-AVI-153
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 2.x antérieures à 2.7.8 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.0.x antérieures à 4.1.5 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.8.x à 3.11.x antérieures à 3.11.5 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.0.x à 3.7.x antérieures à 3.7.17 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 2.8.0 à 2.16.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 2.x ant\u00e9rieures \u00e0 2.7.8",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.0.x ant\u00e9rieures \u00e0 4.1.5",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.8.x \u00e0 3.11.x ant\u00e9rieures \u00e0 3.11.5",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.0.x \u00e0 3.7.x ant\u00e9rieures \u00e0 3.7.17",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 2.8.0 \u00e0 2.16.0",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3384",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3384"
}
],
"initial_release_date": "2021-03-02T00:00:00",
"last_revision_date": "2021-03-03T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-153",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-03-02T00:00:00.000000"
},
{
"description": "correction solution pour version 4.0",
"revision_date": "2021-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security.\nElle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2020-049 du 01 mars 2021",
"url": "https://advisories.stormshield.eu/2020-049/"
}
]
}