CVE-2023-28616

EUVD-2023-32284
An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Affected Products (NVD)
VendorProductVersion
stormshieldstormshield_network_security
2.7.0 ≤
𝑥
< 4.3.17
stormshieldstormshield_network_security
4.4.0 ≤
𝑥
< 4.6.4
stormshieldstormshield_network_security
4.7.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://advisories.stormshield.eu/2023-006
https://advisories.stormshield.eu/2023-006