OpenSSL null reference pointer (CVE-2020-1971)

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2020-062 CVE-2020-1971 11/18/2020 low v1

Vulnerability details

A vulnerability in OpenSSL could allow an attacker to initiate a crash of the application using a malformed field in a CRL. The attacker must be an SNS administrator or an administrator of an external trusted CA.

Impacted products

Stormshield Management Center low Patched in the 2.8.1


Version Date Description
v1   20/01/2021 Initial release
v2 21/01/2021 Correction of the excerpt section
v3 28/01/2021 Review impacted version


Stormshield Management Center

CVSS v2 Overall Score: 1.4      


Impacted version

On SMC the TLS server used to communicate with the Firewalls is vulnerable

  • SMC bellow 2.8.1

Workaround solution


There is no workaround solution.

The 2.8.1 update will fix this vulnerability.

Access vector Access complexity Authentication Confidentiality impact Integrity impact Availability impact
Network High None None None Partial
CVSS Base score: 2.6 CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P)
Exploitability Remediation Level Report Confidence
Unproven that exploit exists Workaround Unconfirmed
CVSS Temporal score: 1.9 CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:W/RC:UC)
Collateral Damage Potential Target Distribution
None Medium [26-75%]
CVSS Environmental score: 1.4 CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:W/RC:UC/CDP:N/TD:M/CR:ND/IR:ND/AR:ND)