IMPORTANT
SNS 3.x versions have reached End of Maintenance since July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
Resolved vulnerabilities in SNS 3.7.13 LTSB
Web administration interface / Captive portal / Sponsorship
Additional controls have been implemented for connections via the web administration interface, the captive portal or sponsorship, to prevent JavaScript code or additional HTML tags from being executed through the optional disclaimer page.
Web administration interface
Several security mechanisms have been added as protection against clickjacking when users perform operations on an authentication page on the firewall.
FreeBSD
Vulnerabilities CVE-2019-15879 and CVE-2019-15880 relating to cryptodev were fixed after a FreeBSD security patch was applied.
OpenSSH
Vulnerability CVE-2016-8858 was fixed after the OpenSSL software suite was updated.
Details on this vulnerability can be found on our website https://advisories.stormshield.eu.
OpenSSL
A vulnerability was fixed after the OpenSSL cryptographic library was updated.
XSS flaw
A vulnerability affecting the Users > Access privileges module, Detailed access tab in the web administration interface has been fixed.