A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.
Solution
The following updates fix this vulnerability:

* SNS 5.0.6
* SNS 4.8.16
* SNS 4.3.42
Workaround
No workaround given by the vendor.
| Link | Providers |
|---|---|
| https://advisories.stormshield.eu/2026-002/ | |
Wed, 01 Jul 2026 23:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | Stormshield; Stormshield stormshield Network Security | |
| Vendors & Products | Stormshield; Stormshield stormshield Network Security | |
Wed, 01 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | ssvc | |
Wed, 01 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included), 5.0.2 EA to 5.0.5 (included). A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access. | |
| Title | Connection possible to the Administration portal with a revoked certificate | |
| Weaknesses | CWE-295 | |
| References | | |
| Metrics | cvssV3_1 | |
Status: PUBLISHED
Assigner: airbus
Published:
Updated: 2026-07-01T15:45:32.124Z
Reserved: 2026-05-13T13:48:21.232Z
Link: CVE-2026-8480
Updated: 2026-07-01T15:45:27.327Z
OpenCVE Enrichment
Updated: 2026-07-02T10:15:15Z