Multiple vulnerabilities in curl library

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2019-002 CVE-2015-3236 , CVE-2015-3237 , CVE-2016-8616 , CVE-2016-9594 , CVE-2017-2629 , CVE-2016-5419 , CVE-2016-5420 , CVE-2017-7468 , CVE-2016-8618 , CVE-2016-8619 , CVE-2016-9586 , CVE-2017-8816 , CVE-2017-8817 , CVE-2017-8818 , CVE-2017-1000101 , CVE-2018-16839 , CVE-2018-16842 , CVE-2018-1000120 , CVE-2018-1000121 , CVE-2018-1000122 , CVE-2018-1000300 , CVE-2016-7167 , CVE-2016-8622 , CVE-2017-1000254 , CVE-2018-16890 , CVE-2019-3822 , CVE-2016-0755 , CVE-2016-8615 , CVE-2016-8624 , CVE-2016-8625 , CVE-2016-5421 , CVE-2017-1000100 04/12/2019 medium v2

Vulnerability details

Multiple vulnerabilities in cURL library can lead to denial of service, arbitrary code execution or traffic inteception.

 

Impacted products

ProductsSeverityDetail
Stormshield Network Security medium The SNS products embed a vulnerable version of the cURL library.

Revisions

Version Date Description
v1 Initial release
v2 08/27/2019 Add FAST360 status


Stormshield Network Security

CVSS v2 Overall Score: 5.6      

Analysis

Impacted version

Several vulnerabilities in cURL libraries allows:

-Arbitrary code execution, or

-Traffic interception, leading to update a SNS firewall with a rogue firmware

  • SNS 2.10.0 and 2.12.0
  • SNS 3.4.0 to 3.4.3
  • SNS 3.5.0 to 3.5.2
  • SNS 3.6.0 and 3.6.1
  • SNS 3.7.0 to 3.7.3
  • SNS 3.8.0

Workaround solution

Solution

There is no workaround solution.

The 3.7.4, 3.8.1 and 2.14 update fix this vulnerability.



Access vector Access complexity Authentication Confidentiality impact Integrity impact Availability impact
Network High None Complete Complete Complete
CVSS Base score: 7.6 CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Remediation Level Report Confidence
Unproven that exploit exists Official fix Confirmed
CVSS Temporal score: 5.6 CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Collateral Damage Potential Target Distribution
None High [76-100%]
CVSS Environmental score: 5.6 CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)