CVE-2023-34198

In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7.37, 3.8.0 through 3.11.24 before 3.11.25, 4.0.0 through 4.3.18 before 4.3.19, 4.4.0 through 4.6.5 before 4.6.6, and 4.7.0 before 4.7.1, the usage of a Network object created from an inactive DHCP interface in the filtering slot results in the usage of an object of the :any" type, which may have unexpected results for access control.

Published: Feb 29, 2024
Updated: May 4, 2025
CVE: CVE-2023-34198
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
stormshield / stormshield_network_security	4.7.0	4.7.0.x
stormshield / stormshield_network_security	4.4.0	4.6.6
stormshield / stormshield_network_security	4.0.0	4.3.19
stormshield / stormshield_network_security	3.8.0	3.11.25
stormshield / stormshield_network_security	1.0.0	3.7.37

https://advisories.stormshield.eu/2023-019

Vulnerability Database

289,697

CVE-2023-34198