Certificate-based XSS in SNS

Certificate-based XSS in SNS

Advisory ID	CVE Number	Date discovered	Severity	Advisory revision
STORM-2019-015		08/21/2019	medium	v1

Vulnerability details

XSS is possible in the SNS via crafted certificate

Impacted products

Products	Severity	Detail
Stormshield Network Security	medium	SNS is impacted

Revisions

Version	Date	Description
v1	06/10/2020	Initial release

Stormshield Network Security

CVSS v2 Overall Score: 5.4

Analysis	Impacted version
On an SNS firewall, a specially crafted certificate can lead to an XSS when viewed in HMI, which can result in session cookie stealing, or redirection to a phishing page.	SNS 2.0 to 2.7.6 SNS 2.8 to 2.15 SNS 3.0 to 3.7.11 SNS 3.8 to 3.9

Workaround solution	Solution
There is no workaround solution.	The SNS 2.7.7, 2.16.0, 3.7.12 and 3.10.0 updates fix this vulnerability.

Access vector	Access complexity	Authentication	Confidentiality impact	Integrity impact	Availability impact
Adjacent Network	Medium	Single	Complete	Complete	Complete

CVSS Base score: 7.4	CVSS Vector: (AV:A/AC:M/Au:S/C:C/I:C/A:C)

Exploitability	Remediation Level	Report Confidence
Unproven that exploit exists	Official fix	Confirmed

CVSS Temporal score: 5.4	CVSS Vector: (AV:A/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Collateral Damage Potential	Target Distribution
None	High [76-100%]

CVSS Environmental score: 5.4	CVSS Vector: (AV:A/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)

RSS Feed Contact Report a vulnerability Legal terms STORMSHIELD Corporate website Personal Data