CVE-2023-28616

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 26, 2023

Updated: Aug 20, 2024

CWE ID 319

Summary

CVE-2023-28616 is a vulnerability affecting Stormshield Network Security (SNS) versions before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. This issue exposes user account passwords containing equals signs or spaces in cleartext. The impacted serverd process logs these sensitive credentials, and there is a risk that they will be transmitted to the Syslog component. This vulnerability presents a significant security risk and underscores the importance of secure password practices and timely software updates.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Stormshield Network Security

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/t7Tk7l
https://www.cve.org/CVERecord?id=CVE-2023-28616
https://nvd.nist.gov/vuln/detail/CVE-2023-28616

Back to Vulnerability Database

CVE-2023-28616

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations