SMC TLS configuration
Advisory ID |
CVE Number |
Date discovered |
Severity |
Advisory revision |
STORM-2019-024 |
|
05/09/2019 |
medium |
v1 |
Vulnerability details
Cipher suites list might be reduced to RGS v2 compliants ones.
Impacted products
Revisions
Version |
Date |
Description |
v1 |
|
Initial release |
Stormshield Network Security |
CVSS v2 Overall Score: 6.9
|
Analysis
|
Impacted version
|
Some of cipher suites availables in TLS handshake were deprecated. None of these have been cracked for now.
|
|
Workaround solution
|
Solution
|
Choose modern browsers in order to force usage of modern ciphers suites.
|
The 2.6.2 update will fix this vulnerability.
|
Access vector |
Access complexity |
Authentication |
Confidentiality impact |
Integrity impact |
Availability impact |
Network |
High |
None |
Complete |
Partial |
Partial |
Exploitability |
Remediation Level |
Report Confidence |
Unproven that exploit exists |
Official fix |
Confirmed |
Collateral Damage Potential |
Target Distribution |
Medium-High |
High [76-100%] |