4.3.5

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

stormshield

CWE-476

NVD

Published: 2022-05-12

Updated: 2022-05-20

Summary

An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash.

Vulnerable Configurations

Part	Description	Count
Application	Stormshield Stormshield Network Security 4.3.4 Stormshield Network Security 4.3.5	2

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://advisories.stormshield.eu/2022-015