Stormshield Network VPN Client: Multiple critical vulnerabilities

Advisory ID | CVE Number | Date discovered | Severity | Advisory revision
STORM-2019-004 | | 04/18/2019 | high | v1

Vulnerability details

Multiple vulnerabilities in Stormshield Network VPN Client can lead to denial of service, man in the middle or privilege escalation.

 

Products

Product | Severity | Detail
Stormshield Network Security | high | Multiple vulnerabilities in Stormshield Network VPN Client can lead to denial of service, man in the middle or privilege escalation.
Stormshield Endpoint Security | None | Not impacted
Stormshield Data Security | None | Not impacted
Fast360 | None | Not impacted
Netasq | None | Not impacted

Revisions

Version | Date | Description
v1 | | Initial release


Stormshield Network Security

CVSS Overall Score: 7.6      

Analysis

Multiple vulnerabilities in Stormshield Network VPN Client can lead to denial of service, man in the middle or privilege escalation.

Security advisory TheGreenBow: http://www.thegreenbow.com/advisory.html

Affected products: Stormshield Network VPN Client 6.4x

Fixed products: Stormshield Network VPN Client 6.62 (released in June 2019)

Impacted version

  • Stormshield Network VPN Client 6.4x

Workaround solution

There is no workaround solution.

Solution

Stormshield Network VPN Client 6.62 (released in June 2019) will fix these vulnerabilities.



Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact
Network | Medium | None | Complete | None | None
CVSS Base score: 7.1 | CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:N/A:N)

Exploitability | Remediation Level | Report Confidence
Unproven that exploit exists | Unavailable | Confirmed
CVSS Temporal score: 6.1 | CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:N/A:N/E:U/RL:U/RC:C)

Collateral Damage Potential | Target Distribution
Medium-High | High [76-100%]
CVSS Environmental score: 7.6 | CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:N/A:N/E:U/RL:U/RC:C/CDP:MH/TD:H)