Bruteforce on SNS command-line service

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2019-013 08/08/2019 high v3

Vulnerability details

The command-line service of SNS (serverd) can be bruteforced. An attacker can remotely gain administrator rights on the firewall.

Impacted products

ProductsSeverityDetail
Stormshield Network Security medium The SNS (serverd) command-line service can be bruteforced. An attacker can remotely gain administrator rights on the firewall.
Netasq high impacted

Revisions

Version Date Description
v1 08/08/2019 Initial release
v2 09/03/2020 Add a workaround and update fix versions
v3 10/09/2020 Update “Workaround solution” section

 



Stormshield Network Security

CVSS v2 Overall Score: 6.2      

Analysis

Impacted version

The SNS (serverd) command-line service can be bruteforced, an attacker can remotely gain administrator rights on the firewall.
  • SNS 2.X
  • SNS 3.0.0 to 3.9.2
  • SNS 4.0.X

Workaround solution

Solution

Control and restrict administration API port usage:

  • If the ‘serverd’ implicit rule is disabled ( by default it’s the case ) ensure that you do not explicitely authorize traffic to the UTM to the service ‘serverd’ (port 1300 by default) from untrusted networks in your explicit filtering rules
  • If you have activated the ‘serverd’ implict rule ensure that serverd is only accessible via trusted networks by the explicit filtering rules
  • Monitor the access logs of the UTM.

For further details, please consult the document “SNS 2.7.4 ANSSI qualification – C7 condition”.

The 3.10.0 and 4.1.1 updates will fix this vulnerability.



Access vector Access complexity Authentication Confidentiality impact Integrity impact Availability impact
Adjacent Network Low None Complete Complete Complete
CVSS Base score: 8.3 CVSS Vector: (AV:A/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Remediation Level Report Confidence
Unproven that exploit exists Official fix Confirmed
CVSS Temporal score: 6.2 CVSS Vector: (AV:A/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Collateral Damage Potential Target Distribution
None High [76-100%]
CVSS Environmental score: 6.2 CVSS Vector: (AV:A/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)


Netasq

CVSS v2 Overall Score: 7.1      

Analysis

Impacted version

The command-line service of Netasq UTMs (serverd) can be bruteforced, an attacker can remotely gain administrator rights on the firewall.
  • Netasq 9.X

Workaround solution

Solution

There is no workaround solution.

No solution



Access vector Access complexity Authentication Confidentiality impact Integrity impact Availability impact
Adjacent Network Low None Complete Complete Complete
CVSS Base score: 8.3 CVSS Vector: (AV:A/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Remediation Level Report Confidence
Unproven that exploit exists Unavailable Confirmed
CVSS Temporal score: 7.1 CVSS Vector: (AV:A/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:C)
Collateral Damage Potential Target Distribution
None High [76-100%]
CVSS Environmental score: 7.1 CVSS Vector: (AV:A/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)