Certified VPN Client : Multiple critical vulnerabilities

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2019-003 04/18/2019 high v1

Vulnerability details

Multiple vulnerabilities in Certified VPN Client can lead to denial of service, man in the middle or privilege escalation.

Products

ProductSeverityDetail
Stormshield Network Security high Multiples vulnerabilities in Certified VPN Client can lead to denial of service, man in the middle or privilege escalation.
Stormshield Endpoint Security

None

Not impacted
Stormshield Data Security

None

Not impacted
Fast360

None

Not impacted
Netasq

None

Not impacted

Revisions

Version Date Description
v1 Initial release


Stormshield Network Security

CVSS Overall Score: 7.2      

Analysis

Impacted version

Multiple vulnerabilities in Certified VPN Client can lead to denial of service, man in the middle or privilege escalation.

Security advisory TheGreenBow: http://www.thegreenbow.com/advisory.html

Affected products: Certified VPN Client versions lower than 5.22.008

Fixed products: Certified VPN Client 5.22.008 (Available)

  • Certified VPN Client versions lower than 5.22.008

Workaround solution

Solution

There is no workaround solution.

Certified VPN Client 5.22.008 (Available) will fix these vulnerabilities.



Access vector Access complexity Authentication Confidentiality impact Integrity impact Availability impact
Network Medium None Complete None None
CVSS Base score: 7.1 CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Exploitability Remediation Level Report Confidence
Unproven that exploit exists Official fix Confirmed
CVSS Temporal score: 5.3 CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)
Collateral Damage Potential Target Distribution
Medium-High High [76-100%]
CVSS Environmental score: 7.2 CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C/CDP:MH/TD:H)