Skip to main content

Stormshield Network Security CVE-2022-30279

HIGH
NULL Pointer Dereference (CWE-476)
2022-05-12 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
May 12, 2022 - 15:15 nvd
HIGH 7.5

DescriptionNVD

An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash.

AnalysisAI

An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. The event logging of the ASQ sofbus lacbus plugin triggers the dereferencing of a NULL pointer, leading to a crash of SNS. An attacker could exploit this vulnerability via forged sofbus lacbus traffic to cause a firmware crash. Affected products include: Stormshield Stormshield Network Security. Version information: before 4.3.8..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2022-37434 CRITICAL POC
9.8 Aug 05

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header

CVE-2020-7465 CRITICAL POC
9.8 Oct 06

The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet

CVE-2020-7466 HIGH POC
7.5 Oct 06

The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication m

CVE-2023-20032 CRITICAL
9.8 Mar 01

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ p

CVE-2025-48707 HIGH
7.5 Sep 25

An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. Rated high severity (CVSS 7.5), this vulnera

CVE-2023-28616 HIGH
7.5 Dec 26

An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x

CVE-2023-47091 HIGH
7.5 Dec 25

An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through

CVE-2023-26095 HIGH
7.5 Aug 28

ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a cr

CVE-2022-40617 HIGH
7.5 Oct 31

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a craft

CVE-2022-27812 HIGH
7.5 Aug 24

Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific for

CVE-2022-23989 HIGH
7.5 Mar 15

In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x b

CVE-2021-28127 HIGH
7.5 Jul 01

An issue was discovered in Stormshield SNS through 4.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely

Share

CVE-2022-30279 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy