Foreshadow and Foreshadow-NG
Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
---|---|---|---|---|
STORM-2018-005 | CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 | 08/14/2018 | low | v1 |
Vulnerability details
Foreshadow and Foreshadow-NG are two novel variants of the Meltdown attack that exploit critical vulnerabilities in Intel processors. These attacks – also referred to as “L1 Terminal Fault” attacks – allow an attacker with local access to leak sensitive information residing in the operating system’s kernel, in the hypervisor, in System Management Mode or in SGX-protected memory. An attacker running a malicious virtual machine can also infer secret data residing on co-hosted guest virtual machines.
Impacted products
Products | Severity | Detail |
---|---|---|
Stormshield Network Security | low | SNS uses a vulnerable version of processor |
Fast360 | low | FAST uses a vulnerable version of processor |
Revisions
Version | Date | Description |
---|---|---|
v1 | Initial release |
Stormshield Network Security |
CVSS v2 Overall Score: 3.2 |
Analysis |
Impacted version |
Exploitation of the vulnerabilities CVE-2018-3620 and CVE-2018-3646 (Foreshadow-NG) could allow a local attacker (one able to run their own code or scripts on the SNS appliance) to leak sensitive information. These vulnerabilities are of no use to an attacker who already has administrator access, because an administrator has the highest privileges on the appliance. It also means that these vulnerabilities do not help an external attacker gain local access to an SNS appliance. SNS appliances are not vulnerable to CVE-2018-3615 (Foreshadow). SGX is not enabled on SNS appliances. For virtual appliances and administration tools such as Stormshield Visibility Center or Stormshield Management Center, ensure that your hypervisor is up to date. |
|
Workaround solution |
Solution |
Keep your appliances updated in order to limit the exploitation of other vulnerabilities that could let an attacker exploit the L1TF vulnerabilities in order to get higher privileges. |
As stated in the analysis, the Foreshadow and Foreshadow-NG vulnerabilities require local access to the appliance. The only user able to run code on the appliance is the administrator, who already has the highest privileges. Consequently, SNS users are not put at risk and no fix needs to be applied. |
Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact |
---|---|---|---|---|---|
Local | Medium | None | Complete | None | None |
CVSS Base score: 4.7 | CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:N/A:N) |
Exploitability | Remediation Level | Report Confidence |
---|---|---|
Proof of concept code | Unavailable | Confirmed |
CVSS Temporal score: 4.2 | CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:N/A:N/E:POC/RL:U/RC:C) |
Collateral Damage Potential | Target Distribution |
---|---|
None | Medium [26-75%] |
CVSS Environmental score: 3.2 | CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:N/A:N/E:POC/RL:U/RC:C/CDP:N/TD:M/CR:ND/IR:ND/AR:ND) |
Fast360 |
CVSS v2 Overall Score: 3.2 |
Analysis |
Impacted version |
These vulnerabilities could allow an attacker with local access to the appliance to leak sensitive information. These vulnerabilities are of no use to an attacker who already has administrator access, because an administrator has the highest privileges on the appliance. Consequently, it is highly recommended to keep your appliances updated. |
|
Workaround solution |
Solution |
Keep your appliances updated in order to limit the exploitation of other vulnerabilities that could let an attacker exploit the L1TF vulnerabilities in order to get higher privileges. |
As stated in the analysis, the L1TF vulnerabilities require local access to the appliance. The only user able to run code on the appliance is the administrator, who already has the highest privileges. Consequently, Fast users are not put at risk and no fix needs to be applied. |
Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact |
---|---|---|---|---|---|
Local | Medium | None | Complete | None | None |
CVSS Base score: 4.7 | CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:N/A:N) |
Exploitability | Remediation Level | Report Confidence |
---|---|---|
Proof of concept code | Unavailable | Confirmed |
CVSS Temporal score: 4.2 | CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:N/A:N/E:POC/RL:U/RC:C) |
Collateral Damage Potential | Target Distribution |
---|---|
None | Medium [26-75%] |
CVSS Environmental score: 3.2 | CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:N/A:N/E:POC/RL:U/RC:C/CDP:N/TD:M/CR:ND/IR:ND/AR:ND) |