User Account Enumeration Vulnerability in Stormshield Network Security Products
CVE-2023-41166

5.3MEDIUM

Key Information:

Vendor: Stormshield
Status: Stormshield Network Security
Vendor: CVE Published:; 20 December 2023

🔔 Create Stormshield Vulnerability Alert

What is CVE-2023-41166?

A vulnerability in Stormshield Network Security products allows attackers to confirm the existence of specific user accounts by utilizing remote access commands. This poses a potential security risk as it enables malicious actors to target legitimate accounts and launch further attacks. The affected versions span several releases, emphasizing the need for users to update their systems to mitigate any risks associated with this issue.

References

https://advisories.stormshield.eu/2023-027

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2023
Vulnerability Reserved
Aug 24, 2023

CVE-2023-41166 Data

JSON