OpenSSL SSL_shutdown padding oracle
Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
---|---|---|---|---|
STORM-2019-001 | CVE-2019-1559 | 02/27/2019 | medium | v1 |
Vulnerability details
The behaviour of an application who calls SSL_shutdown function can be used as a padding oracle.
Its exploitation could allow an attacker to decrypt encrypted traffic.
Impacted products
Products | Severity | Detail |
---|---|---|
Stormshield Network Security | medium | The SNS products embed a vulnerable version of the OpenSSL library. |
Stormshield Endpoint Security | medium | The SES product embed a vulnerable version of the OpenSSL library. |
Revisions
Version | Date | Description |
---|---|---|
v1 | 04/01/2019 | Initial release |
Stormshield Network Security |
CVSS v2 Overall Score: 4.4 |
Analysis |
Impacted version |
This vulnerability could be exploited upon the HTTPS server used in SNS HMI to retrieve the administrator password. |
|
Workaround solution |
Solution |
Disabling the SNS HMI will prevent an attacker from exploiting this vulnerability. |
The 3.7.3, 3.8.1 and 2.14 update fix this vulnerability.
|
Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact |
---|---|---|---|---|---|
Adjacent Network | Medium | None | Complete | Complete | Complete |
CVSS Base score: 7.9 | CVSS Vector: (AV:A/AC:M/Au:N/C:C/I:C/A:C) |
Exploitability | Remediation Level | Report Confidence |
---|---|---|
Unproven that exploit exists | Official fix | Confirmed |
CVSS Temporal score: 5.8 | CVSS Vector: (AV:A/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C) |
Collateral Damage Potential | Target Distribution |
---|---|
None | Medium [26-75%] |
CVSS Environmental score: 4.4 | CVSS Vector: (AV:A/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C/CDP:N/TD:M/CR:ND/IR:ND/AR:ND) |
Stormshield Endpoint Security |
CVSS v2 Overall Score: 5.3 |
Analysis |
Impacted version |
The successful exploitation of this vulnerability could allow an attacker already present on the local network to decode traffic between SES servers and agents. This could possibly be used to retrieve the security policies (and logs generated by agents) and could be used to further conduct a successful attack on SES agents bypassing the security policies in place. This vulnerability could also be used to decrypt traffic between SES servers and administration consoles. This could possibly be used to retrieve the security policies and the SES server configurations, including SES server database connection password. This could be used to further alter the SES database contents if the database is reachable by the attacker. |
|
Workaround solution |
Solution |
In order to avoid database corruption, consider adding firewall rules on SES database servers to prevent connection from unknown entities. Only SES servers and administration consoles should be allowed to connect to the SES database servers. |
The 7.2.25 update fixes this vulnerability. The 6.0.31 update fixes this vulnerability. |
Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact |
---|---|---|---|---|---|
Adjacent Network | Medium | None | Partial | None | None |
CVSS Base score: 2.9 | CVSS Vector: (AV:A/AC:M/Au:N/C:P/I:N/A:N) |
Exploitability | Remediation Level | Report Confidence |
---|---|---|
Unproven that exploit exists | Official fix | Confirmed |
CVSS Temporal score: 2.1 | CVSS Vector: (AV:A/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C) |
Collateral Damage Potential | Target Distribution |
---|---|
Medium-High | High [76-100%] |
CVSS Environmental score: 5.3 | CVSS Vector: (AV:A/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C/CDP:MH/TD:H/CR:ND/IR:ND/AR:ND) |