CVE-2023-28616

An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
stormshieldstormshield_network_security
2.7.0 ≤
𝑥
< 4.3.17
stormshieldstormshield_network_security
4.4.0 ≤
𝑥
< 4.6.4
stormshieldstormshield_network_security
4.7.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://advisories.stormshield.eu/2023-006
https://advisories.stormshield.eu/2023-006