Description
A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included) , 5.0.0 to 5.0.5 (included)
There is a possible leak of secret information if administration commands have been passed with the CLI command line tool.
Someone with SSH access to the firewall (if SSH multiuser mode is enabled) could possibly get the proxy CA passphrase or TPM password.
There is a possible leak of secret information if administration commands have been passed with the CLI command line tool.
Someone with SSH access to the firewall (if SSH multiuser mode is enabled) could possibly get the proxy CA passphrase or TPM password.
No analysis available yet.
Remediation
Vendor Solution
The following updates fix this vulnerability: * SNS 5.0.6 * SNS 4.8.16 * SNS 4.3.42
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
| Link | Providers |
|---|---|
| https://advisories.stormshield.eu/2025-007/ |
|
History
Thu, 02 Jul 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Stormshield
Stormshield stormshield Network Security |
|
| Vendors & Products |
Stormshield
Stormshield stormshield Network Security |
Thu, 02 Jul 2026 09:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included) , 5.0.0 to 5.0.5 (included) There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the firewall (if SSH multiuser mode is enabled) could possibly get the proxy CA passphrase or TPM password. | |
| Title | Information leak in NSRPC client history | |
| Weaknesses | CWE-532 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: airbus
Published:
Updated: 2026-07-02T12:20:17.839Z
Reserved: 2026-05-13T14:04:22.661Z
Link: CVE-2026-8482
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-02T10:30:15Z
Weaknesses
-
CWE-532
Insertion of Sensitive Information into Log File