Denial of service with OpenSSH
| Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
|---|---|---|---|---|
| STORM-2020-013 | CVE-2016-8858 | 07/15/2020 | medium | v1 |
Vulnerability details
The version of OpenSSH used on SNS 3.X is vulnerable to a DOS type vulnerability.
Impacted products
| Products | Severity | Detail |
|---|---|---|
| Stormshield Network Security | medium | SNS 3.X is impacted |
Revisions
| Version | Date | Description |
|---|---|---|
| v1 | 07/15/2020 | Initial release |
Stormshield Network Security |
CVSS v2 Overall Score: 4.1
|
Analysis |
Impacted version |
|
A remote attacker may cause a target OpenSSH server to allocate an excessive amount of memory (up to 384MB per connection) as a result of processing numerous KEXINIT requests normally made during the SSH protocol key negotiation process. SSH must be enabled on the firewall (ssh is disabled by default) and it must be accessible to exploit the vulnerability. |
|
Workaround solution |
Solution |
|
Limit the SSH remote access to administrators only, or disable it.
|
Version 3.7.13 and 3.11.1 fixes this vulnerability. |
| Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact |
|---|---|---|---|---|---|
| Network | Medium | None | None | None | Partial |
| CVSS Base score: 4.3 | CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P) |
| Exploitability | Remediation Level | Report Confidence |
|---|---|---|
| Functionnal exploits exists | Official fix | Confirmed |
| CVSS Temporal score: 3.6 | CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C) |
| Collateral Damage Potential | Target Distribution |
|---|---|
| Low-Medium | Medium [26-75%] |
| CVSS Environmental score: 4.1 | CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C/CDP:LM/TD:M/CR:ND/IR:ND/AR:ND) |