Denial of Service Vulnerability in Stormshield Network Security
CVE-2022-23989

7.5HIGH

Key Information:

Vendor: Stormshield
Status: Network Security
Vendor: CVE Published:; 15 March 2022

🔔 Create Stormshield Vulnerability Alert

What is CVE-2022-23989?

A vulnerability exists in the Stormshield Network Security (SNS) products which allows an attacker to overwhelm the SSLVPN service by sending a large volume of connections. This flood can saturate the loopback interface, potentially blocking almost all network traffic and rendering the firewall unreachable. By exploiting this flaw with crafted and timely traffic, an attacker could effectively induce a denial of service, impacting network operations.

References

https://advisories.stormshield.eu/2022-003

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 15, 2022
Vulnerability Reserved
Jan 26, 2022

CVE-2022-23989 Data

JSON