SNS : Split-brain mode on high-availability cluster (CVE-2021-3398)
Vulnerability details
A DoS attack on a SNS cluster can break the synchronisation between the master and the slave, leading to a split-brain mode, where both appliances are on “active” state.
Impacted products
Revisions
Version |
Date |
Description |
v1 |
02/09/2022 |
Initial release |
Stormshield Network Security |
CVSS v3.1 Overall Score: 6.4 
|
Analysis
|
Impacted version
|
By triggering this vulnerability, the SNS cluster is set on split-brain mode, where both master and slave are Active.
|
- SNS 3.0.0 to 3.7.24
- SNS 3.8.0 to 3.11.12
|
Workaround solution
|
Solution
|
There is no workaround solution.
|
The 3.7.25 and 3.11.13 updates fix this vulnerability.
|
Attack Vector |
Attack Complexity |
Privileges Required |
User Interaction |
Scope |
Confidentiality Impact |
Integrity Impact |
Availability impact |
Network |
Low |
None |
None |
Changed |
None |
None |
Low |
Exploit Code Maturity |
Remediation Level |
Report Confidence |
High |
Official fix |
Confirmed |
Confidentiality Requirement |
Integrity Requirement |
Availability Requirement |
High |
High |
High |