Null Pointer Dereference Vulnerability in Stormshield Network Security
CVE-2022-30279

7.5HIGH

Key Information:

Vendor: Stormshield
Status: Network Security
Vendor: CVE Published:; 12 May 2022

🔔 Create Stormshield Vulnerability Alert

What is CVE-2022-30279?

A vulnerability in Stormshield Network Security (SNS) versions 4.3.x prior to 4.3.8 allows an attacker to exploit the event logging of the ASQ sofbus lacbus plugin. By sending forged sofbus lacbus traffic, an attacker can trigger a NULL pointer dereference, which results in a crash of the SNS firmware, disrupting service and compromising the stability of the network security appliance.

References

https://advisories.stormshield.eu/2022-015

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2022
Vulnerability Reserved
May 4, 2022

CVE-2022-30279 Data

JSON