ASQ SNMP DoS attack

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2020-010 03/03/2020 high v1

Vulnerability details

A null-pointer exception in the SNMP traffic processing can lead to an unexpected reboot of the firewall. This occurs only if a misconfiguration exists in the SNMP protocol of the SNS.

Impacted products

ProductsSeverityDetail
Stormshield Network Security high impacted

Revisions

Version Date Description
v1  07/04/2020 Initial release


Stormshield Network Security

CVSS v2 Overall Score: 7.2      

Analysis

Impacted version

If the SNMP blacklists and whitelists are misconfigured, an attacker can send continuous SNMP traffic through the firewall in order to provoke a continuing reboot of the SNS.
  • SNS 3.0.0 to 3.7.11
  • SNS 3.8.0 to 3.10.1
  • SNS 4.0.0 to 4.0.2

Workaround solution

Solution

The inputs in the blacklists and whitelists configured in the SNMP plugin must be valid, as shown in the documentation examples : https://documentation.stormshield.eu/SNS/v3/en/Content/User_Configuration_Manual_SNS_v3/Protocols/SNMP.htm

For example, write only OIDs with a valid form, like 1.3.6.1.2.1.1

The vulnerability is fixed in versions:

  • SNS 3.7.12
  • SNS 3.10.2
  • SNS 4.0.3


Access vector Access complexity Authentication Confidentiality impact Integrity impact Availability impact
Network Medium None None None Complete
CVSS Base score: 7.1 CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Exploitability Remediation Level Report Confidence
Unproven that exploit exists Official fix Confirmed
CVSS Temporal score: 5.3 CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Collateral Damage Potential Target Distribution
Medium-High High [76-100%]
CVSS Environmental score: 7.2 CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C/CDP:MH/TD:H/CR:ND/IR:ND/AR:ND)