CVE-2023-28616

An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://advisories.stormshield.eu/2023-006	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:stormshield:network_security::::::::
	cpe:2.3:a:stormshield:network_security::::::::
	cpe:2.3:a:stormshield:network_security:4.7.0:::::::*

History

No history.

Information

Published : 2023-12-26 04:15

Updated : 2024-01-04 15:28

NVD link : CVE-2023-28616

Mitre link : CVE-2023-28616

CVE.ORG link : CVE-2023-28616

JSON object : View

Products Affected

stormshield

network_security

CWE

CWE-319

Cleartext Transmission of Sensitive Information

{"id": "CVE-2023-28616", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-26T04:15:07.790", "references": [{"url": "https://advisories.stormshield.eu/2023-006", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Stormshield Network Security (SNS) anterior a 4.3.17, 4.4.x a 4.6.x anterior a 4.6.4 y 4.7.x anterior a 4.7.1. Afecta a las cuentas de usuario cuya contrase\u00f1a tiene un signo igual o un espacio. El proceso serverd registra dichas contrase\u00f1as en texto plano y potencialmente env\u00eda estos registros al componente Syslog."}], "lastModified": "2024-01-04T15:28:24.317", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stormshield:network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2ED1896-6DA3-413F-B5A1-AC1EE41470A6", "versionEndExcluding": "4.3.17", "versionStartIncluding": "2.7.0"}, {"criteria": "cpe:2.3:a:stormshield:network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "601A3438-4E6E-46B6-B596-082C6EA8B1D1", "versionEndExcluding": "4.6.4", "versionStartIncluding": "4.4.0"}, {"criteria": "cpe:2.3:a:stormshield:network_security:4.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CEA8D81-9EC9-4285-9A9F-B60CE3A12ABA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}