SNS: Open redirect on the captive portal

Advisory ID: STORM-2020-001
CVE Number: CVE-2020-8430
Date discovered: 01/09/2020
Severity: medium
Advisory revision: v4

Vulnerability details

An attacker can steal a firewall administrator's password by redirecting the administrator to a fake authentication page.


Stormshield is pleased to thank DIGITEMIS for reporting this issue under responsible disclosure.

Impacted products

Stormshield Network Security (SNS) is impacted.


Revision history

Version Date Description
v1 19/02/2020 Initial release
v2 24/02/2020 Updated workaround
v3 26/02/2020 Fixed typo
v4 09/10/2020 Precision about Digitemis


CVSS v2 Overall Score (Stormshield Network Security): 5.9


An attacker can craft a URL to the captive portal containing a redirection link to a domain under their control, and send it to an administrator in order to steal the administrator's credentials.

Impacted versions

  • SNS 3.0.0 to 3.7.10
  • SNS 3.8.0 to 3.10.0
  • SNS 4.0.0 to 4.0.1

Workaround solution

If the captive portal is enabled, you can temporarily disable it until a fixed version is installed.

If the captive portal is disabled (which is the case in the default configuration), the UTM is not impacted.

Fixed versions

The 3.7.11, 3.10.1 and 4.0.2 updates fix this vulnerability.
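As an added illustration (not Stormshield's code, and not a description of how SNS implements its fix), the Python function below shows the kind of check a captive portal should apply to a post-login redirect parameter before using it: accept only a relative path on the portal itself and fall back to a fixed default for anything that would send the browser to another origin. The parameter value, the default target and the sample inputs are assumptions constructed for this example.

```python
from typing import Optional
from urllib.parse import unquote, urlsplit

# Constructed for this example: where the portal lands the user when the
# requested redirect target is missing or not trusted.
DEFAULT_TARGET = "/"


def safe_redirect_target(target: Optional[str]) -> str:
    """Return a redirect target that stays on the portal, or DEFAULT_TARGET.

    Only absolute paths on this host ("/something") are accepted. Absolute
    URLs, scheme-relative URLs ("//host"), backslash variants and values
    carrying control characters all fall back to DEFAULT_TARGET, so a link
    crafted by a third party cannot bounce the browser to another site.
    """
    if not target:
        return DEFAULT_TARGET
    # Decode once so a percent-encoded scheme or host is still seen by the
    # checks below, and drop surrounding whitespace a browser would ignore.
    candidate = unquote(target).strip()
    # Control characters and backslashes are never legitimate in a path here;
    # browsers treat "\" like "/" in the authority part, so reject it outright.
    if any(ord(ch) < 0x20 or ch == "\\" for ch in candidate):
        return DEFAULT_TARGET
    parts = urlsplit(candidate)
    # Any scheme or network location means the browser would leave the portal.
    if parts.scheme or parts.netloc:
        return DEFAULT_TARGET
    # Require exactly one leading slash: "//..." and "///..." are rejected too.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return DEFAULT_TARGET
    return candidate


if __name__ == "__main__":
    # Constructed sample values: one legitimate target and several that a
    # naive implementation would have followed off-site.
    for sample in ["/portal/home?x=1", "https://attacker.example/login",
                   "//attacker.example/login", "%2F%2Fattacker.example", None]:
        print(repr(sample), "->", safe_redirect_target(sample))
```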

CVSS v2 base metrics

Access vector: Network
Access complexity: Medium
Authentication: None
Confidentiality impact: Complete
Integrity impact: None
Availability impact: None
CVSS Base score: 7.1
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:N/A:N)

CVSS v2 temporal metrics

Exploitability: Functional exploit exists
Remediation level: Official fix
Report confidence: Confirmed
CVSS Temporal score: 5.9
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:N/A:N/E:F/RL:OF/RC:C)

CVSS v2 environmental metrics

Collateral damage potential: None
Target distribution: High [76-100%]
CVSS Environmental score: 5.9
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:N/A:N/E:F/RL:OF/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)