Access Control Vulnerability in Stormshield Network Security Products
CVE-2023-34198

7.3HIGH

Key Information:

Vendor: Stormshield
Status: Stormshield Network Security
Vendor: CVE Published:; 29 February 2024

🔔 Create Stormshield Vulnerability Alert

What is CVE-2023-34198?

An access control issue exists in Stormshield Network Security products that arises from the utilization of a Network object established from an inactive DHCP interface within the filtering slot. This can lead to the inadvertent adoption of a :any type object, potentially causing unanticipated effects on access control policies. Given the complexities of network configurations, this vulnerability underscores the necessity for vigilant management of DHCP interfaces and attention to product updates to ensure network integrity.

References

https://advisories.stormshield.eu/2023-019

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 29, 2024
Vulnerability Reserved
May 30, 2023

CVE-2023-34198 Data

JSON