CVE-2023-34198

In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 before 3.11.25, 4.0.0 through 4.3.18 before 4.3.19, 4.4.0 through 4.6.5 before 4.6.6, and 4.7.0 before 4.7.1, the usage of a Network object created from an inactive DHCP interface in the filtering slot results in the usage of an object of the :any" type, which may have unexpected results for access control.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
mitreCNA
---
---
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
stormshieldstormshield_network_security
1.0.0 ≤
𝑥
< 3.7.37
stormshieldstormshield_network_security
3.8.0 ≤
𝑥
< 3.11.25
stormshieldstormshield_network_security
4.0.0 ≤
𝑥
< 4.3.19
stormshieldstormshield_network_security
4.4.0 ≤
𝑥
< 4.6.6
stormshieldstormshield_network_security
4.7.0
𝑥
= Vulnerable software versions
References
https://advisories.stormshield.eu/2023-019
https://advisories.stormshield.eu/2023-019