Lack of check with SSL authentication on the SNS web interface

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2019-029 08/06/2019 medium v1

Vulnerability details

It is possible to impersonate an administrator on the SNS web admin interface under certain circumstances.

Impacted products

ProductsSeverityDetail
Stormshield Network Security medium impacted

Revisions

Version Date Description
v1  12/18/2020 Initial release
v2  03/01/2021 Update “Solution” section


Stormshield Network Security

CVSS v2 Overall Score: 5.1      

Analysis

Impacted version

It is possible to impersonate an administrator on the SNS web-administration interface under certain circumstances.

 

If the SSL method of authentication is configured with a CA and an administrator (stored in a LDAP directory) is allowed to authenticate on the SNS then an attacker that have this CA can forge a valid certificate to impersonate the administrator by guessing partial information of a legitimate administrator.
  • SNS 2.0.0 to 2.7.7
  • SNS 3.0.0 to 3.7.14
  • SNS 3.8.0 to 3.11.2
  • SNS 4.0.0 to 4.1.2

Workaround solution

Solution

No workaround

The vulnerability is fixed in versions:

  • SNS 2.7.8
  • SNS 3.7.15
  • SNS 3.11.3
  • SNS 4.1.3


Access vector Access complexity Authentication Confidentiality impact Integrity impact Availability impact
Local High Single Complete Complete Complete
CVSS Base score: 6 CVSS Vector: (AV:L/AC:H/Au:S/C:C/I:C/A:C)
Exploitability Remediation Level Report Confidence
Unproven that exploit exists Unavailable Confirmed
CVSS Temporal score: 5.1 CVSS Vector: (AV:L/AC:H/Au:S/C:C/I:C/A:C/E:U/RL:U/RC:C)
Collateral Damage Potential Target Distribution
None High [76-100%]
CVSS Environmental score: 5.1 CVSS Vector: (AV:L/AC:H/Au:S/C:C/I:C/A:C/E:U/RL:U/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)