Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2023-010 CVE-2022-4450 01/25/2023 low v1

Vulnerability details

Malicious PEM files may be able to achieve denial of service on IPSEC module.

Impacted products

Stormshield Network Security low SNS is impacted


Version Date Description
v1 02/21/2023 Initial release

Stormshield Network Security

CVSS v3.1 Overall Score: 3.9      


Impacted version

It is possible to construct a PEM file that results in 0 bytes of payload data. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack.

  • SNS 4.0.0 to 4.3.15
  • SNS 4.4.0 to 4.6.2

Workaround solution


There is no workaround solution.

The following versions fix this vulnerability

  • 4.3.16
  • 4.6.3

Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Network High None None Unchanged None None Low
CVSS Base score: 3.7 CVSS Vector: (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploit Code Maturity Remediation Level Report Confidence
Unproven that exploit exists Official fix Confirmed
CVSS Temporal score: 3.2 CVSS Vector: (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Confidentiality Requirement Integrity Requirement Availability Requirement
High High High
CVSS Environmental score: 3.9 CVSS Vector: (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)