Intel processors multiple vulnerabilities

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2024-004 CVE-2023-32282 , CVE-2023-28746 07/11/2023 medium v3

Vulnerability details

Multiple vulnerabilities have been discovered on Intel CPU embedded on some SNS products.

Impacted products

ProductsSeverityDetail
Stormshield Network Security medium SNS is impacted

Revisions

Version Date Description
v1 02/13/2024 Initial release
v2 03/13/2024 Update and disclosed
v3 03/14/2024 Correction on impacted versions


Stormshield Network Security

CVSS v3.1 Overall Score: 4.2      

Analysis

Impacted version

Multiple vulnerabilities have been discovered on Intel CPU embedded on the following SNS products:

  • SN-S-Series
  • SN520
  • 4.0.0 to 4.3.23
  • 4.4.0 to 4.7.2

Workaround solution

Solution

There is no workaround solution.

The following SNS versions will fix this vulnerability:

  • 4.7.3
  • 4.3.24


Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Local Low None None Changed High None None
CVSS Base score: 7.1 CVSS Vector: (AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
Exploit Code Maturity Remediation Level Report Confidence
Unproven that exploit exists Official fix Confirmed
CVSS Temporal score: 6.2 CVSS Vector: (AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)
Confidentiality Requirement (CR) Integrity Requirement (IR) Availability Requirement (AR)
Low Low Low
CVSS Environmental score: 4.2 CVSS Vector: (AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)