Multiple vulnerabilities in curl library

Advisory ID: STORM-2019-002
CVE Number: CVE-2015-3236, CVE-2015-3237, CVE-2016-8616, CVE-2016-9594, CVE-2017-2629, CVE-2016-5419, CVE-2016-5420, CVE-2017-7468, CVE-2016-8618, CVE-2016-8619, CVE-2016-9586, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2017-1000101, CVE-2018-16839, CVE-2018-16842, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000300, CVE-2016-7167, CVE-2016-8622, CVE-2017-1000254, CVE-2018-16890, CVE-2019-3822, CVE-2016-0755, CVE-2016-8615, CVE-2016-8624, CVE-2016-8625, CVE-2016-5421, CVE-2017-1000100
Date discovered: 04/12/2019
Severity: medium
Advisory revision: v1

Vulnerability details

Multiple vulnerabilities in the cURL library can lead to denial of service, arbitrary code execution or traffic interception.

 

Products

| Product | Severity | Detail |
|---|---|---|
| Stormshield Network Security | medium | The SNS products embed a vulnerable version of the cURL library. |
| Stormshield Endpoint Security | None | Not impacted |
| Stormshield Data Security | None | Not impacted |
| Fast360 | ? | Under investigation |
| Netasq | None | Not impacted |

Revisions

| Version | Date | Description |
|---|---|---|
| v1 | | Initial release |


Stormshield Network Security

CVSS Overall Score: 5.6

Analysis

Several vulnerabilities in the cURL library allow:

  • Arbitrary code execution, or
  • Traffic interception, which can lead to an SNS firewall being updated with rogue firmware

Impacted version

  • SNS 2.10.0 and 2.12.0
  • SNS 3.4.0 to 3.4.3
  • SNS 3.5.0 to 3.5.2
  • SNS 3.6.0 and 3.6.1
  • SNS 3.7.0 to 3.7.3
  • SNS 3.8.0

Workaround solution

There is no workaround solution.

Solution

The 3.7.4, 3.8.1 and 2.14 updates fix these vulnerabilities.



| Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact |
|---|---|---|---|---|---|
| Network | High | None | Complete | Complete | Complete |

CVSS Base score: 7.6
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

| Exploitability | Remediation Level | Report Confidence |
|---|---|---|
| Unproven that exploit exists | Official fix | Confirmed |

CVSS Temporal score: 5.6
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

| Collateral Damage Potential | Target Distribution |
|---|---|
| None | High [76-100%] |

CVSS Environmental score: 5.6
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C/CDP:N/TD:H)