Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2020-004 CVE-2020-7450 01/29/2020 medium v3

Vulnerability details

A buffer overflow can occur during the parsing of a specially forged url, thus can lead to denial of service or the execution of custom arbitrary code.

Impacted products

Stormshield Network Security medium impacted


Version Date Description
1 01/29/2020 Initial release
2 02/26/2020 Fix typo
3 05/15/2020 Fix version
4 06/10/2020 Fix version


Stormshield Network Security

CVSS v2 Overall Score: 5.6      


Impacted version

An attacker can send a malicious url to a service in the UTM in order to cause a denial of service or run arbitrary code, but the service has reduced permissions on the system so the effects are limited.

  • SNS 2.0.0 to 2.7.6
  • SNS 2.8.0 to 2.15.0
  • SNS 3.0.0 to 3.7.10
  • SNS 3.8.0 to 3.10.0
  • SNS 4.0.0 to 4.0.1

Workaround solution


There is no workaround solution.

The vulnerability is fixed in versions:


  • SNS >= 2.7.7
  • SNS >= 2.16.0
  • SNS >= 3.7.11
  • SNS >=3.10.1
  • SNS >= 4.0.2

Access vector Access complexity Authentication Confidentiality impact Integrity impact Availability impact
Network Low Single Complete None Partial
CVSS Base score: 7.5 CVSS Vector: (AV:N/AC:L/Au:S/C:C/I:N/A:P)
Exploitability Remediation Level Report Confidence
Unproven that exploit exists Official fix Confirmed
CVSS Temporal score: 5.6 CVSS Vector: (AV:N/AC:L/Au:S/C:C/I:N/A:P/E:U/RL:OF/RC:C)
Collateral Damage Potential Target Distribution
None High [76-100%]
CVSS Environmental score: 5.6 CVSS Vector: (AV:N/AC:L/Au:S/C:C/I:N/A:P/E:U/RL:OF/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)