strongSwan denial-of-service vulnerability

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2017-001 CVE-2017-9023 05/30/2017 medium v1

Vulnerability details

A specifically crafted certificate could cause a denial of service in strongSwan.

Products

ProductSeverityDetail
Stormshield Network Security medium SNS uses a vulnerable version of strongSwan
Stormshield Endpoint Security

None

SES does not use strongSwan
Stormshield Data Security

None

SDS does not use strongSwan
Fast360

None

Fast does not use strongSwan
Netasq

None

Netasq does not use strongSwan

Revisions

Version Date Description
v1  05/30/2017 Initial release

 



Stormshield Network Security

CVSS Overall Score: 6.8      

Analysis

Impacted version

A specifically crafted certificate could cause a denial of service in SNS VPN service.
If sent multiple times the SNS will end up timing out on every incoming connexion.
Already estiblished tunnels will continue to work normally but they won’t be renegociated.

  • SNS 3.0.0 to 3.2.0
  • SNS 2.0.0 to 2.7.1

Workaround solution

Solution

  • Use PSK instead of x509

or

  • Disable VPN service

The 3.2.1 and 2.7.2 updates fixes this vulnerability.



Access vector Access complexity Authentication Confidentiality impact Integrity impact Availability impact
Network Low None None None Complete
CVSS Base score: 7.8 CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Remediation Level Report Confidence
High Official fix Confirmed
CVSS Temporal score: 6.8 CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C/E:H/RL:OF/RC:C)
Collateral Damage Potential Target Distribution
None High [76-100%]
CVSS Environmental score: 6.8 CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C/E:H/RL:OF/RC:C/CDP:N/TD:H)