Description
A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included)
A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.
A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.
No analysis available yet.
Remediation
Vendor Solution
The following updates fix this vulnerability: * SNS 5.0.6 * SNS 4.8.16 * SNS 4.3.42
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
| Link | Providers |
|---|---|
| https://advisories.stormshield.eu/2026-002/ |
|
History
Wed, 01 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included) A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access. | |
| Title | Connection possible to the Administration portal with a revoked certificate | |
| Weaknesses | CWE-295 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: airbus
Published:
Updated: 2026-07-01T15:45:32.124Z
Reserved: 2026-05-13T13:48:21.232Z
Link: CVE-2026-8480
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-295
Improper Certificate Validation