SMC TLS configuration

Advisory ID: STORM-2019-024
CVE Number:
Date discovered: 05/09/2019
Severity: medium
Advisory revision: v1

Vulnerability details

The cipher suite list might be reduced to RGS v2 compliant ones.

Impacted products

Products: Stormshield Network Security
Severity: medium
Detail: fixed

Revisions

Version Date Description
v1 Initial release


Stormshield Network Security

CVSS v2 Overall Score: 6.9      

Analysis

Some of the cipher suites available in the TLS handshake were deprecated. None of these has been cracked so far.

Impacted version

  • SMC 1.0.0 to 2.6.1

Workaround solution

Use modern browsers in order to force the use of modern cipher suites.

Solution

The 2.6.2 update will fix this vulnerability.
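
The workaround relies on the client offering only modern suites, so the server cannot select a deprecated one. The following is an added example, not Stormshield code, that builds such a client in Python and reports which suite a server actually negotiates. The deny-list markers, function names and sample suite names are assumptions, since the advisory does not list the deprecated suites.

```python
import socket
import ssl

# Assumption: common deny-list markers, not the advisory's or the RGS list.
DEPRECATED_MARKERS = ("RC4", "3DES", "DES-CBC", "MD5", "NULL", "EXP",
                      "ANON", "ADH", "AECDH")


def is_deprecated(suite_name):
    """True if an OpenSSL or IANA suite name contains a deprecated primitive."""
    upper = suite_name.upper()
    return any(marker in upper for marker in DEPRECATED_MARKERS)


def modern_client_context():
    """Client context offering only TLS 1.2+ with ECDHE key exchange and AEAD."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def offered_suites(ctx):
    """Names of the suites this context will put in its ClientHello."""
    return [cipher["name"] for cipher in ctx.get_ciphers()]


def negotiated_suite(host, port=443, ctx=None, timeout=5.0):
    """Connect and return (suite, protocol, deprecated?) chosen by the server.

    Raises ssl.SSLError if the server shares no suite with the context.
    Certificate checks stay on; load the server's CA into ctx if it is private.
    """
    ctx = ctx or modern_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, protocol, _bits = tls.cipher()
            return name, protocol, is_deprecated(name)


if __name__ == "__main__":
    # Constructed sample of suite names, as a scanner might report them.
    sample = ["ECDHE-RSA-AES256-GCM-SHA384", "DES-CBC3-SHA", "RC4-MD5"]
    for suite in sample:
        print(suite, "DEPRECATED" if is_deprecated(suite) else "ok")
    print("client offers:", offered_suites(modern_client_context()))
```

Calling `negotiated_suite()` against the management server before and after the 2.6.2 update, once with this context and once with `ssl.create_default_context()`, shows whether the negotiated suite depends on what the client offers.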



Access vector: Network
Access complexity: High
Authentication: None
Confidentiality impact: Complete
Integrity impact: Partial
Availability impact: Partial
CVSS Base score: 6.6
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:P/A:P)

Exploitability: Unproven that exploit exists
Remediation Level: Official fix
Report Confidence: Confirmed
CVSS Temporal score: 4.9
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:P/A:P/E:U/RL:OF/RC:C)

Collateral Damage Potential: Medium-High
Target Distribution: High [76-100%]
CVSS Environmental score: 6.9
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:P/A:P/E:U/RL:OF/RC:C/CDP:MH/TD:H/CR:ND/IR:ND/AR:ND)