CVE-2023-34198

EUVD-2023-38297
In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 before 3.11.25, 4.0.0 through 4.3.18 before 4.3.19, 4.4.0 through 4.6.5 before 4.6.6, and 4.7.0 before 4.7.1, the usage of a Network object created from an inactive DHCP interface in the filtering slot results in the usage of an object of the :any" type, which may have unexpected results for access control.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
stormshieldstormshield_network_security
1.0.0 ≤
𝑥
< 3.7.37
stormshieldstormshield_network_security
3.8.0 ≤
𝑥
< 3.11.25
stormshieldstormshield_network_security
4.0.0 ≤
𝑥
< 4.3.19
stormshieldstormshield_network_security
4.4.0 ≤
𝑥
< 4.6.6
stormshieldstormshield_network_security
4.7.0
𝑥
= Vulnerable software versions
References
https://advisories.stormshield.eu/2023-019
https://advisories.stormshield.eu/2023-019