Multiple Vulnerabilities in IPMI for SN6100 appliances
Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
---|---|---|---|---|
STORM-2023-033 | CVE-2021-26727, CVE-2021-26728, CVE-2021-26729, CVE-2021-26730, CVE-2021-26731, CVE-2021-26732, CVE-2021-26733, CVE-2021-44776, CVE-2021-44467 | 06/12/2023 | low | v1 |
Vulnerability details
The Intelligent Platform Management Interface (IPMI) is a set of computer interface specifications for an autonomous computer subsystem that provides management and monitoring capabilities independently of the host system’s CPU, firmware (BIOS or UEFI) and operating system. The IPMI firmware embedded in SN6100 appliances must be updated to fix security issues.
Impacted products
Products | Severity | Detail |
---|---|---|
Stormshield Network Security | low | SN6100 appliances produced before January 2024 ship with a vulnerable IPMI firmware |
Revisions
Version | Date | Description |
---|---|---|
v1 | 03/27/2025 | Initial release |

Stormshield Network Security | CVSS v3.1 Overall Score: 3.1 |
---|---|

Analysis | Impacted version |
---|---|
The vulnerabilities identified here are of the following types: By default, SN6100 is not impacted, because the default BIOS configuration applied to SNS products does not allow these vulnerabilities to be exploited. Only SN6100 appliances with IPMI revision <1.86 enabled are vulnerable. It’s possible to check the IPMI firmware revision on SN6100 appliances using the following command in SNS shell: Only IPMI firmware versions lower than 1.86 are impacted by these vulnerabilities. Technical notes about the IPMI firmware update are available on the Stormshield documentation website. To reinforce the security of Stormshield products, we recommend following the RECOMMENDATIONS FOR THE SECURE CONFIGURATION OF AN SNS FIREWALL. | |

Workaround solution | Solution |
---|---|
If IPMI is enabled, disabling it in the product’s BIOS settings effectively prevents exploitation of these vulnerabilities. | The IPMI 1.86 update, available on the Stormshield website (in the TOOLS section), fixes these vulnerabilities. |
Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality Impact | Integrity Impact | Availability impact |
---|---|---|---|---|---|---|---|
Network | High | None | Required | Unchanged | None | None | High |
CVSS Base score: 5.3 | CVSS Vector: (AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H) |
Exploit Code Maturity | Remediation Level | Report Confidence |
---|---|---|
Unproven that exploit exists | Official fix | Confirmed |
CVSS Temporal score: 4.6 | CVSS Vector: (AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C) |
Confidentiality Requirement | Integrity Requirement | Availability Requirement |
---|---|---|
Low | Low | Low |
CVSS Environmental score: 3.1 | CVSS Vector: (AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X) |
