Vulnerability Details : CVE-2023-34198
In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 before 3.11.25, 4.0.0 through 4.3.18 before 4.3.19, 4.4.0 through 4.6.5 before 4.6.6, and 4.7.0 before 4.7.1, the usage of a Network object created from an inactive DHCP interface in the filtering slot results in the usage of an object of the :any" type, which may have unexpected results for access control.
Products affected by CVE-2023-34198
- Stormshield » Stormshield Network SecurityVersions from including (>=) 3.8.0 and before (<) 3.11.25cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
- cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
- cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
- cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
- cpe:2.3:a:stormshield:stormshield_network_security:4.7.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-34198
0.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 52 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-34198
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.3
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
3.9
|
3.4
|
NIST | 2025-02-14 |
References for CVE-2023-34198
-
https://advisories.stormshield.eu/2023-019
Wrong filter policy with DHCP | Stormshield securityVendor Advisory
Jump to