Skip to main content

StormShield Network Security EUVDEUVD-2026-41271

| CVE-2026-8482 MEDIUM
Insertion of Sensitive Information into Log File (CWE-532)
2026-07-02 airbus GHSA-wcc8-vcvw-p9m3
4.3
CVSS 3.1 · Vendor: airbus
Share

Severity by source

Vendor (airbus) PRIMARY
4.3 MEDIUM
AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
vuln.today AI
4.3 MEDIUM

SSH management-plane access is adjacent (AV:A); high privilege required to reach CLI (PR:H); admin must issue the exposing command (UI:R); only confidentiality impacted via secret leakage (C:H/I:N/A:N).

3.1 AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
4.0 AV:A/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (airbus).

CVSS VectorVendor: airbus

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 02, 2026 - 10:22 vuln.today

DescriptionCVE.org

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included) , 5.0.0 to 5.0.5 (included)

There is a possible leak of secret information if administration commands have been passed with the CLI command line tool.

Someone with SSH access to the firewall (if SSH multiuser mode is enabled) could possibly get the proxy CA passphrase or TPM password.

AnalysisAI

Secret credential leakage in StormShield Network Security's CLI tool exposes the proxy CA passphrase or TPM password to other users sharing an SSH session on the firewall appliance. Affected versions span three distinct branches - 4.3.0-4.3.41, 4.8.0-4.8.15, and 5.0.0-5.0.5 - and exploitation is gated behind SSH multiuser mode being explicitly enabled. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain high-privilege SSH access to SNS management network
Delivery
Authenticate to firewall with SSH multiuser mode enabled
Exploit
Wait for administrator to issue sensitive CLI administration command
Execution
Read proxy CA passphrase or TPM password from shared observable output
Impact
Use captured secret to decrypt protected keys or forge certificates

Vulnerability AssessmentAI

Exploitation SSH multiuser mode must be explicitly enabled on the StormShield Network Security appliance - this is a non-default configuration that must be deliberately activated by an administrator. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS base score of 4.3 (Medium) accurately reflects the constrained exploitation conditions: adjacency requirement (AV:A), high privilege prerequisite (PR:H), and mandatory user interaction (UI:R) together mean a remote, unauthenticated attacker cannot exploit this directly. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A malicious insider or attacker who has compromised a secondary SSH administrative account on an SNS appliance with SSH multiuser mode enabled monitors shared shell resources - such as process argument lists, command history files, or verbose logs - while a legitimate administrator issues a CLI administration command that includes the proxy CA passphrase or TPM password. The attacker captures the secret from this observable output and subsequently uses the TPM password to access hardware-protected cryptographic material or the CA passphrase to issue fraudulent certificates, enabling decryption of SSL-inspected traffic or broader credential theft. …
Remediation Consult the Stormshield advisory at https://advisories.stormshield.eu/2025-007/ for confirmed patched versions and upgrade instructions - exact fixed release numbers are not independently confirmed in the available data beyond the advisory reference itself. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2022-37434 CRITICAL POC
9.8 Aug 05

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header

CVE-2020-7465 CRITICAL POC
9.8 Oct 06

The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet

CVE-2020-7466 HIGH POC
7.5 Oct 06

The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication m

CVE-2023-20032 CRITICAL
9.8 Mar 01

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ p

CVE-2025-48707 HIGH
7.5 Sep 25

An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. Rated high severity (CVSS 7.5), this vulnera

CVE-2023-28616 HIGH
7.5 Dec 26

An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x

CVE-2023-47091 HIGH
7.5 Dec 25

An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through

CVE-2023-26095 HIGH
7.5 Aug 28

ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a cr

CVE-2022-40617 HIGH
7.5 Oct 31

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a craft

CVE-2022-27812 HIGH
7.5 Aug 24

Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific for

CVE-2022-30279 HIGH
7.5 May 12

An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. Rated high severity (CVSS 7.5), this v

CVE-2022-23989 HIGH
7.5 Mar 15

In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x b

Share

EUVD-2026-41271 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy