SMC: Unauthorized modification of Admin password

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2023-030 CVE-2023-44455 09/14/2023 high v1

Vulnerability details

A vulnerability has been identified that allows unauthorized modification of admin account password

Impacted products

Stormshield Management Center high SMC is impacted


Version Date Description
v1 09/15/2023 Initial release
v2 10/16/2023 Public release

Stormshield Management Center

CVSS v3.1 Overall Score: 7.9      


Impacted version

A vulnerability has been discovered that allows unauthorized modification of the admin account password.

The risk associated with this vulnerability is mitigated if the deployment recommendations for SMC, as describe in the installation guide, have been respected

  • SMC 3.3.0 to 3.3.3

  • SMC 3.4.0 to 3.4.2

Workaround solution


There is no workaround solution.



  • A specific patch is available for 3.3.x
  • The 3.4.3 update fixes this vulnerability for 3.4.x

Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Adjacent Network Low None None Unchanged High High High
CVSS Base score: 8.8 CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Exploit Code Maturity Remediation Level Report Confidence
Proof of concept code Official fix Confirmed
CVSS Temporal score: 7.9 CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Confidentiality Requirement Integrity Requirement Availability Requirement
High High High
CVSS Environmental score: 7.9 CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)