CVE-2023-34198
First published: Mon Dec 25 2023(Updated: )
In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 before 3.11.25, 4.0.0 through 4.3.18 before 4.3.19, 4.4.0 through 4.6.5 before 4.6.6, and 4.7.0 before 4.7.1, the usage of a Network object created from an inactive DHCP interface in the filtering slot results in the usage of an object of the :any" type, which may have unexpected results for access control.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Stormshield Network Security (SNS) | >=1.0.0<3.7.37>=3.8.0<3.11.25>=4.0.0<4.3.19>=4.4.0<4.6.6<4.7.1 | |
| Stormshield Network Security (SNS) | >=1.0.0<3.7.37 | |
| Stormshield Network Security (SNS) | >=3.8.0<3.11.25 | |
| Stormshield Network Security (SNS) | >=4.0.0<4.3.19 | |
| Stormshield Network Security (SNS) | >=4.4.0<4.6.6 | |
| Stormshield Network Security (SNS) | =4.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-34198?
CVE-2023-34198 has been classified as a significant vulnerability affecting multiple versions of Stormshield Network Security.
How do I fix CVE-2023-34198?
To fix CVE-2023-34198, update Stormshield Network Security to version 3.7.37 or higher, 3.11.25 or higher, 4.3.19 or higher, 4.6.6 or higher, or 4.7.1 or higher.
What versions of Stormshield Network Security are affected by CVE-2023-34198?
CVE-2023-34198 affects Stormshield Network Security versions 1.0.0 through 3.7.36, 3.8.0 through 3.11.24, 4.0.0 through 4.3.18, 4.4.0 through 4.6.5, and 4.7.0.
What type of vulnerability is CVE-2023-34198?
CVE-2023-34198 is a vulnerability related to the use of a Network object created from an inactive DHCP interface.
Is CVE-2023-34198 exploitable remotely?
Yes, CVE-2023-34198 can potentially be exploited remotely if the affected versions of Stormshield Network Security are exposed to untrusted networks.
- agent/type
- agent/first-publish-date
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- vendor/stormshield
- canonical/stormshield network security (sns)
- version/stormshield network security (sns)/1.0.0
- version/stormshield network security (sns)/3.8.0
- version/stormshield network security (sns)/4.0.0
- version/stormshield network security (sns)/4.4.0
- version/stormshield network security (sns)/4.7.0