Stormshield

By the Year

In 2025 there have been 1 vulnerability in Stormshield. Last year, in 2024 Stormshield had 3 security vulnerabilities published. Right now, Stormshield is on track to have less security vulnerabilities in 2025 than it did last year.

Recent Stormshield Security Vulnerabilities

CVE	Date	Vulnerability	Products
CVE-2025-27829	Apr 01, 2025	Stormshield SNS 4.3.x Multicast DS Service Denial < 4.3.35 An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.35. If multicast streams are enabled on different interfaces, it may be possible to interrupt multicast traffic on some of these interfaces. That could result in a denial of the multicast routing service on the firewall.	Stormshield Network Security
CVE-2024-31946	Jul 15, 2024	Stormshield SNS 3.x4.x: XSS via Email Alert Template Preview (before 3.7.42) An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.41, 3.10.0 through 3.11.29, 4.0 through 4.3.24, and 4.4.0 through 4.7.4. A user who has access to the SNS with write access on the email alerts page has the ability to create alert email containing malicious JavaScript, executed by the template preview. The following versions fix this: 3.7.42, 3.11.30, 4.3.25, and 4.7.5.	Network Security
CVE-2023-41165	Feb 29, 2024	Stormshield SNS 3.7-4.6 Login Disclaimer JS Injection (pre-3.7.39/4.6.9) An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.38 before 3.7.39, 3.10.0 through 3.11.26 before 3.11.27, 4.0 through 4.3.21 before 4.3.22, and 4.4.0 through 4.6.8 before 4.6.9. An administrator with write access to the SNS firewall can configure a login disclaimer with malicious JavaScript elements that can result in data theft.	Stormshield Network Security
CVE-2023-34198	Feb 29, 2024	Stormshield SNS ACL Flaw: Unintended :any via Inactive DHCP (pre-4.7.1) In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 before 3.11.25, 4.0.0 through 4.3.18 before 4.3.19, 4.4.0 through 4.6.5 before 4.6.6, and 4.7.0 before 4.7.1, the usage of a Network object created from an inactive DHCP interface in the filtering slot results in the usage of an object of the :any" type, which may have unexpected results for access control.	Stormshield Network Security
CVE-2023-28616	Dec 26, 2023	Stormshield SNS <4.3.17/4.4.x<4.6.4/4.7.x<4.7.1 Cleartext Password Leak (serverd) An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component.	Network Security Stormshield Network Security
CVE-2023-47091	Dec 25, 2023	Stormshield SNS 4.34.7 Cookie Threshold Overflow in IPsec An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible.	Network Security Stormshield Network Security
CVE-2023-41166	Dec 21, 2023	Stormshield SNS firewall user enumeration via remote cmds (v3.7.0-4.7.1) An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands.	Stormshield Network Security
CVE-2023-47093	Dec 21, 2023	Stormshield Network Security ASQ crash via crafted ICMP 4.0.04.7.0 An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Sending a crafted ICMP packet may lead to a crash of the ASQ engine.	Stormshield Network Security
CVE-2022-46783	Aug 28, 2023	An issue was discovered in Stormshield SSL VPN Client before 3.2.0 An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, an attacker may be able to access the other encrypted address book.	Ssl Vpn Client
CVE-2023-26095	Aug 28, 2023	ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a crafted SIP packet.	Network Security Stormshield Network Security
CVE-2021-27932	Aug 25, 2023	Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions. Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions.	Ssl Vpn Client
CVE-2020-11711	Aug 25, 2023	An issue was discovered in Stormshield SNS 3.8.0 An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form.	Stormshield Network Security
CVE-2022-46782	Aug 05, 2023	An issue was discovered in Stormshield SSL VPN Client before 3.2.0 An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine.	Ssl Vpn Client
CVE-2023-35799	Jun 27, 2023	Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges.	Endpoint Security
CVE-2023-35800	Jun 27, 2023	Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators.	Endpoint Security
CVE-2023-23562	May 31, 2023	Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user can update global parameters.	Endpoint Security
CVE-2023-23561	May 30, 2023	Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information.	Endpoint Security
CVE-2023-20032	Mar 01, 2023	On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"].	Stormshield Network Security
CVE-2023-20052	Mar 01, 2023	On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.	Stormshield Network Security
CVE-2022-4304	Feb 08, 2023	A timing based side channel exists in the OpenSSL RSA Decryption implementation A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.	Stormshield Network Security Endpoint Security Sslvpn And others...
CVE-2022-4450	Feb 08, 2023	The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.	Stormshield Network Security
CVE-2023-0215	Feb 08, 2023	The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.	Stormshield Management Center
CVE-2023-0216	Feb 08, 2023	An invalid pointer dereference on read An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.	Stormshield Management Center
CVE-2023-0286	Feb 08, 2023	There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.	Stormshield Network Security Stormshield Management Center
CVE-2023-0401	Feb 08, 2023	A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.	Stormshield Management Center
CVE-2022-40617	Oct 31, 2022	strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.	Stormshield Network Security
CVE-2022-27812	Aug 24, 2022	Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS.	Network Security Stormshield Network Security
CVE-2022-37434	Aug 05, 2022	zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).	Stormshield Network Security
CVE-2022-32214	Jul 14, 2022	The llhttp parser <v14.20.1 The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).	Stormshield Management Center
CVE-2022-32215	Jul 14, 2022	The llhttp parser <v14.20.1 The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).	Stormshield Management Center
CVE-2022-32213	Jul 14, 2022	The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).	Stormshield Management Center
CVE-2022-30279	May 12, 2022	An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8 An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash.	Network Security Stormshield Network Security
CVE-2022-23989	Mar 15, 2022	In Stormshield Network Security (SNS) before 3.7.25 In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service.	Network Security Stormshield Network Security
CVE-2021-3398	Feb 10, 2022	Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component.	Stormshield Network Security
CVE-2021-31814	Feb 10, 2022	In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client.	Stormshield Network Security
CVE-2021-37613	Feb 10, 2022	Stormshield Network Security (SNS) 1.0.0 through 4.2.3 Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service.	Stormshield Network Security
CVE-2021-31617	Jan 31, 2022	In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead to remote code execution.	Network Security Stormshield Network Security
CVE-2021-28962	Jan 31, 2022	Stormshield Network Security (SNS) before 4.2.2 Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands.	Network Security Stormshield Network Security
CVE-2021-28096	Jan 27, 2022	An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used) An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections.	Stormshield Network Security
CVE-2021-45885	Dec 29, 2021	An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8) An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password.	Network Security
CVE-2021-45090	Dec 21, 2021	Stormshield Endpoint Security before 2.1.2 Stormshield Endpoint Security before 2.1.2 allows remote code execution.	Endpoint Security
CVE-2021-45089	Dec 21, 2021	Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control. Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control.	Endpoint Security
CVE-2021-45091	Dec 21, 2021	Stormshield Endpoint Security Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control.	Endpoint Security
CVE-2002-20001	Nov 11, 2021	The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.	Stormshield Network Security Stormshield Management Center
CVE-2021-31221	Jul 13, 2021	SES Evolution before 2.1.0 SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed.	Endpoint Security
CVE-2021-35957	Jul 13, 2021	Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32) with malicious ones.	Endpoint Security
CVE-2021-31224	Jul 13, 2021	SES Evolution before 2.1.0 SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies.	Endpoint Security
CVE-2021-31223	Jul 13, 2021	SES Evolution before 2.1.0 SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed.	Endpoint Security
CVE-2021-31222	Jul 13, 2021	SES Evolution before 2.1.0 SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed.	Endpoint Security
CVE-2021-31220	Jul 13, 2021	SES Evolution before 2.1.0 SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies.	Endpoint Security