Local Password Retention Issue in Stormshield Network Security
CVE-2021-45885

7.5HIGH

Key Information:

Vendor: Stormshield
Status: Network Security
Vendor: CVE Published:; 29 December 2021

🔔 Create Stormshield Vulnerability Alert

What is CVE-2021-45885?

A local password retention flaw has been identified in Stormshield Network Security versions 4.2.2 to 4.2.7. During specific update-migration scenarios, the system fails to properly erase the old SSH password after a change, potentially leading to unauthorized access. An update to version 4.2.8 effectively resolves this issue, ensuring that security protocols are maintained.

References

https://advisories.stormshield.eu

x_refsource_MISC

https://advisories.stormshield.eu/2021-069/

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 29, 2021
Vulnerability Reserved
Dec 27, 2021

CVE-2021-45885 Data

JSON