ZombieLoad

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2019-006 CVE-2018-12130 05/16/2019 low v1

Vulnerability details

ZombieLoad exploits critical vulnerabilities in modern Intel® processors. These hardware bugs allow programs to steal data while being processed on the computer.

ZombieLoad breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.

Products

ProductSeverityDetail
Stormshield Network Security low SNS uses a vulnerable version of processor
Stormshield Endpoint Security

None

SES is not concerned by hardware bug. You should keep your OS up to date in order to be protected.
Stormshield Data Security

None

SDS is not concerned by hardware bug. You should keep your OS up to date in order to be protected.
Fast360 low FAST appliances are shipped with a vulnerable version of CPUs
Netasq low Netasq appliances are shipped with a vulnerable version of CPUs

Revisions

Version Date Description
v1 05/16/2019 Initial release

 



Stormshield Network Security

CVSS Overall Score: 3.1      

Analysis

Impacted version

This vulnerability could allow an attacker with a local access (ability to run on SNS his own code or script) to the appliance to leak sensitive information.

This vulnerability is useless for an attacker who already have administrator access because an administrator is the highest privileges on the appliance.

As this vulnerability can only be exploited locally, it can not provide an external attacker access to an SNS appliance.

This vulnerability is mitigated when hyperthreading is disabled on the processor.

Concerning virtual appliances or administration tools like Stromshield Visibility Center or Stormshield Management Center you should ensure your hypervisor is up to date.

  • SN510
  • SN710
  • SN910
  • SN2000
  • SN3000
  • SN6000
  • SN2100
  • SN3100
  • SN6100
  • SNi40

Workaround solution

Solution

Keep your appliances updated in order to limit the exploitation of other vulnerabilities that could let an attacker exploit the ZombieLoad vulnerability in order to get higher privileges.

As stated in the analysis, this attack can only be run locally on a hyperthreaded processor; SNS is not using hyperthreading and allows only one user locally, this user already has the highest priviledges. Therefore this vulnerability will not provide more priviledges than the current user. Consequently, SNS users are not put at risk and no fix needs to be applied.



Access vector Access complexity Authentication Confidentiality impact Integrity impact Availability impact
Local Low Single Complete None None
CVSS Base score: 4.6 CVSS Vector: (AV:L/AC:L/Au:S/C:C/I:N/A:N)
Exploitability Remediation Level Report Confidence
Proof of concept code Unavailable Confirmed
CVSS Temporal score: 4.1 CVSS Vector: (AV:L/AC:L/Au:S/C:C/I:N/A:N/E:POC/RL:U/RC:C)
Collateral Damage Potential Target Distribution
None Medium [26-75%]
CVSS Environmental score: 3.1 CVSS Vector: (AV:L/AC:L/Au:S/C:C/I:N/A:N/E:POC/RL:U/RC:C/CDP:N/TD:M)


Fast360

CVSS Overall Score: 3.1      

Analysis

Impacted version

This vulnerability could allow an attacker with a local access to the appliance to leak sensitive information.

This vulnerability is useless for an attacker who already have administrator access because an administrator is the highest privileges on the appliance.
It means that this vulnerability is only useful for an attacker exploiting another old vulnerability on the appliance.

Consequently, it is highly recommended to keep your appliances updated.

  • P80XL
  • P150XL
  • P250XL
  • PSX3

Workaround solution

Solution

Keep your appliances updated in order to limit the exploitation of other vulnerabilities that could let an attacker exploit the ZombieLoad vulnerability in order to get higher privileges.

As stated in the analysis, the ZombieLoad vulnerability requires a local access to the appliance. The only user being able to run code on the appliance is the administrator who already has the highest privileges. Consequently, Fast users are not put at risk and no fix needs to be applied.



Access vector Access complexity Authentication Confidentiality impact Integrity impact Availability impact
Local Low Single Complete None None
CVSS Base score: 4.6 CVSS Vector: (AV:L/AC:L/Au:S/C:C/I:N/A:N)
Exploitability Remediation Level Report Confidence
Proof of concept code Unavailable Confirmed
CVSS Temporal score: 4.1 CVSS Vector: (AV:L/AC:L/Au:S/C:C/I:N/A:N/E:POC/RL:U/RC:C)
Collateral Damage Potential Target Distribution
None Medium [26-75%]
CVSS Environmental score: 3.1 CVSS Vector: (AV:L/AC:L/Au:S/C:C/I:N/A:N/E:POC/RL:U/RC:C/CDP:N/TD:M)


Netasq

CVSS Overall Score: 3.1      

Analysis

Impacted version

This vulnerability could allow an attacker with a local access to the appliance to leak sensitive information.

This vulnerability is useless for an attacker who already have administrator access because an administrator is the highest privileges on the appliance.
As this vulnerability can only be exploited locally, it can not provide an external attacker access to an SNS appliance.

This vulnerability is mitigated when hyperthreading is disabled on the processor.

Consequently, it is highly recommended to keep your appliances updated.

  • NG1000
  • NG5000

Workaround solution

Solution

Keep your appliances updated in order to limit the exploitation of other vulnerabilities that could let an attacker exploit the ZombieLoad vulnerability in order to get higher privileges.

As stated in the analysis, this attack can only be run locally on a hyperthreaded processor; SNS is not using hyperthreading and allows only one user locally, this user already has the highest priviledges. Therefore this vulnerability will not provide more priviledges than the current user. Consequently, SNS users are not put at risk and no fix needs to be applied.



Access vector Access complexity Authentication Confidentiality impact Integrity impact Availability impact
Local Low Single Complete None None
CVSS Base score: 4.6 CVSS Vector: (AV:L/AC:L/Au:S/C:C/I:N/A:N)
Exploitability Remediation Level Report Confidence
Proof of concept code Unavailable Confirmed
CVSS Temporal score: 4.1 CVSS Vector: (AV:L/AC:L/Au:S/C:C/I:N/A:N/E:POC/RL:U/RC:C)
Collateral Damage Potential Target Distribution
None Medium [26-75%]
CVSS Environmental score: 3.1 CVSS Vector: (AV:L/AC:L/Au:S/C:C/I:N/A:N/E:POC/RL:U/RC:C/CDP:N/TD:M)