Multiple Vulnerabilities on OpenSSL

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2026-001 CVE-2024-13176 , CVE-2025-68160 , CVE-2025-69418 01/28/2026 low v1

Vulnerability details

Several vulnerabilities have been identified in OpenSSL, however SNS appliances are not impacted.

Update of 04/27/2026: SNS is not affected by these vulnerabilities because they require certain TLS features that are not enabled and used by SNS.

Impacted products

ProductsSeverityDetail
Stormshield Network Security low SNS is not impacted

Revisions

Version Date Description
v1 02/19/2026 Initial release
v2 04/27/2026 Update advisory status


Stormshield Network Security

CVSS v3.1 Overall Score: 0      

Analysis

Impacted version

SNS appliances rely on the OpenSSL component, and multiple vulnerabilities have been identified on OpenSSL, making the SNS firewalls usceptible to some kind of attacks.

Some distant attacker could exploit these vulnerabilities, by sending especially crafted files leading to a denial of service of the SSL protocol, a crash of the service or a remote code execution.

Update of 04/27/2026: SNS is not affected by these vulnerabilities because they require certain TLS features that are not enabled and used by SNS.

CVSS Score update from 4.1 (Medium) to 0;

 

Update of 04/27/2026 : These versions are not vulnerable, but they include a vulnerable version of OpenSSL.

  • SNS 5.0.0 to 5.0.4
  • SNS 4.4.0 to 4.8.14
  • SNS 4.3.0 to 4.3.41

Workaround solution

Solution

There is no workaround solution.

The following versions update Openssl:

  • SNS 5.0.5
  • SNS 4.8.15
  • SNS 4.3.42


Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Local High Low None Unchanged None None None
CVSS Base score: 0 CVSS Vector: (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N)
Exploit Code Maturity Remediation Level Report Confidence
Unproven that exploit exists Official fix Confirmed
CVSS Temporal score: 0 CVSS Vector: (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C)
Confidentiality Requirement (CR) Integrity Requirement (IR) Availability Requirement (AR)
Medium Medium Medium
CVSS Environmental score: 0 CVSS Vector: (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C/CR:M/IR:M/AR:M/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)