CVE-2023-28616 - OpenCVE

An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Stormshield	Network Security

Configuration 1 [-]

OR	cpe:2.3:a:stormshield:network_security::::::::
	cpe:2.3:a:stormshield:network_security::::::::
	cpe:2.3:a:stormshield:network_security:4.7.0:::::::*

References

Link	Resource
https://advisories.stormshield.eu/2023-006	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-26T00:00:00

Updated: 2023-12-26T03:48:33.987011

Reserved: 2023-03-19T00:00:00

Link: CVE-2023-28616

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-26T04:15:07.790

Modified: 2024-01-04T15:28:24.317

Link: CVE-2023-28616

JSON object: View

Redhat Information

No data.

CWE

CWE-319

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:stormshield:network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2ED1896-6DA3-413F-B5A1-AC1EE41470A6", "versionEndExcluding": "4.3.17", "versionStartIncluding": "2.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:stormshield:network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "601A3438-4E6E-46B6-B596-082C6EA8B1D1", "versionEndExcluding": "4.6.4", "versionStartIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:stormshield:network_security:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5CEA8D81-9EC9-4285-9A9F-B60CE3A12ABA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Stormshield Network Security (SNS) anterior a 4.3.17, 4.4.x a 4.6.x anterior a 4.6.4 y 4.7.x anterior a 4.7.1. Afecta a las cuentas de usuario cuya contrase\u00f1a tiene un signo igual o un espacio. El proceso serverd registra dichas contrase\u00f1as en texto plano y potencialmente env\u00eda estos registros al componente Syslog."}], "id": "CVE-2023-28616", "lastModified": "2024-01-04T15:28:24.317", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-26T04:15:07.790", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://advisories.stormshield.eu/2023-006"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}