Resolved vulnerabilities in SNS 4.0.2

Authentication portal (captive portal)

New checks are now conducted during the verification of parameters used in the URL of the firewall's captive portal.

Details on this vulnerability (CVE-2020-8430) can be found on our website https://advisories.stormshield.eu.

CLI / Serverd commands

The CLI Serverd command CONFIG AUTOUPDATE SERVER has been enhanced so that the use of the "url" parameter is now better monitored.

Libfetch library

The vulnerability CVE-2020-7450 was fixed after a security patch was applied to the FreeBSD libfetch library.

Details on this vulnerability can be found on our website https://advisories.stormshield.eu.

Web administration interface

Additional checks are now implemented during the verification of parameters used in the URL of the firewall's web administration interface.

Details on this vulnerability can be found on our website https://advisories.stormshield.eu.