CVE-2023-28616

HIGH

Stormshield Network Security <4.3.17, 4.4.x-4.6.x<4.6.4, 4.7.x<4.7....

Title source: llm

Description

An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component.

References (1)

Core 1

Core References

Vendor Advisory

https://advisories.stormshield.eu/2023-006

Scores

CVSS v3 7.5

EPSS 0.0029

EPSS Percentile 21.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-319

Status published

Products (2)

stormshield/stormshield_network_security 4.7.0

stormshield/stormshield_network_security 2.7.0 - 4.3.17

Published Dec 26, 2023

Tracked Since Feb 18, 2026