Multiple Vulnerabilities on OpenSSL
| Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
|---|---|---|---|---|
| STORM-2026-001 | CVE-2024-13176 , CVE-2025-68160 , CVE-2025-69418 | 01/28/2026 | medium | v1 |
Vulnerability details
Several vulnerabilities have been identified in OpenSSL, impacting the SNS appliances.
Impacted products
| Products | Severity | Detail |
|---|---|---|
| Stormshield Network Security | medium | SNS is impacted |
Revisions
| Version | Date | Description |
|---|---|---|
| v1 | 02/19/2026 | Initial release |
Stormshield Network Security |
CVSS v3.1 Overall Score: 4.1
|
Analysis |
Impacted version |
|
SNS appliances rely on the OpenSSL component, and multiple vulnerabilities have been identified on OpenSSL, making the SNS firewalls susceptible to some kind of attacks. Some distant attacker could exploit these vulnerabilities, by sending especially crafted files leading to a denial of service of the SSL protocol, a crash of the service or a remote code execution.
|
|
Workaround solution |
Solution |
|
There is no workaround solution. |
The following updates will fix this vulnerability:
|
| Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality Impact | Integrity Impact | Availability impact |
|---|---|---|---|---|---|---|---|
| Local | High | Low | None | Unchanged | None | None | High |
| CVSS Base score: 4.7 | CVSS Vector: (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) |
| Exploit Code Maturity | Remediation Level | Report Confidence |
|---|---|---|
| Unproven that exploit exists | Official fix | Confirmed |
| CVSS Temporal score: 4.1 | CVSS Vector: (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C) |
| Confidentiality Requirement (CR) | Integrity Requirement (IR) | Availability Requirement (AR) |
|---|---|---|
| Medium | Medium | Medium |
| CVSS Environmental score: 4.1 | CVSS Vector: (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C/CR:M/IR:M/AR:M/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X) |