CVE-2023-41166
PUBLISHED
CVSS 5.3 MEDIUM
An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. It's possible to know if a specific user account exists on the SNS firewall by using remote access commands.
EPSS 0.23% · 46.1th percentile
Risk Scores
CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.23%
46.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| stormshield | stormshield_network_security | 3.7.0, 3.11.0, 4.3.0 |
Exploit Intelligence
- CIRCL seen: CVE-2023-41166 (circl-sighting)
- https://advisories.stormshield.eu/2023-027 (circl)
Timeline
- Dec 18, 2023 CVE Published
- Dec 21, 2023 EPSS Score
- Dec 21, 2023 PoC Published
- Jan 14, 2024 PoC Published
- Jan 19, 2024 EPSS Score
- Feb 17, 2024 EPSS Score
- Mar 17, 2024 EPSS Score
- Apr 15, 2024 EPSS Score
- May 14, 2024 EPSS Score
- Jun 12, 2024 EPSS Score
- Jul 11, 2024 EPSS Score
- Aug 9, 2024 EPSS Score
References
- https://advisories.stormshield.eu/2023-024/ advisory
- https://advisories.stormshield.eu/2023-027/ advisory
- https://advisories.stormshield.eu/2023-031/ advisory
- https://advisories.stormshield.eu/2023-032/ advisory
- https://advisories.stormshield.eu/2023-027 url
- https://nvd.nist.gov/vuln/detail/CVE-2023-41166 advisory