Vulnerabilities > CVE-2022-30279 - NULL Pointer Dereference vulnerability in Stormshield Network Security

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

stormshield

CWE-476

NVD

Published: 2022-05-12

Updated: 2024-08-20

Summary

An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash.

Vulnerable Configurations

Part	Description	Count
Application	Stormshield Stormshield Stormshield Network Security 4.3.3 Stormshield Stormshield Network Security 4.3.4 Stormshield Stormshield Network Security 4.3.5 Stormshield Stormshield Network Security 4.3.6 Stormshield Stormshield Network Security 4.3.7	5

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://advisories.stormshield.eu/2022-015