SNS: Split-brain mode on high-availability cluster (CVE-2021-3398)

Advisory ID: STORM-2021-001
CVE Number: CVE-2021-3398
Date discovered: 11/24/2020
Severity: medium
Advisory revision: v1

Vulnerability details

A DoS attack on an SNS cluster can break the synchronisation between the master and the slave, leading to a split-brain mode in which both appliances are in the “active” state.

Impacted products

Stormshield Network Security: medium severity, SNS is impacted


Version: v1
Date: 02/09/2022
Description: Initial release


Stormshield Network Security

CVSS v3.1 Overall Score: 6.4      


Impacted version

Triggering this vulnerability puts the SNS cluster into split-brain mode, where both master and slave are Active.

  • SNS 3.0.0 to 3.7.24
  • SNS 3.8.0 to 3.11.12

Workaround solution


There is no workaround solution.

The 3.7.25 and 3.11.13 updates fix this vulnerability.
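
The following Python example is added here and is not Stormshield's code: it triages a firmware inventory against the impacted ranges and fixed releases listed above. The cluster names and versions in SAMPLE are constructed, and treating later releases on the 3.7 and 3.11 branches as fixed is an assumption.

```python
import re

# Impacted ranges and fixed releases exactly as listed in the advisory:
# (first impacted, last impacted, fixed release)
IMPACTED = [
    ((3, 0, 0), (3, 7, 24), (3, 7, 25)),
    ((3, 8, 0), (3, 11, 12), (3, 11, 13)),
]

def parse_version(text):
    """Parse 'major.minor.patch' (optional leading 'v'); None if malformed."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(g) for g in m.groups()) if m else None

def triage(version_text):
    """Return (status, fixed_release_or_None) for one firmware version string."""
    v = parse_version(version_text)
    if v is None:
        return ("unparsed", None)
    # Integer tuples compare numerically, so 3.11.9 sorts after 3.7.24
    # (a plain string comparison would order them the wrong way round).
    for low, high, fix in IMPACTED:
        fix_text = ".".join(map(str, fix))
        if low <= v <= high:
            return ("affected", fix_text)
        # Assumption: later releases on the fixed branch keep the fix.
        if v[:2] == fix[:2] and v >= fix:
            return ("fixed", fix_text)
    # The advisory makes no statement about versions outside its ranges.
    return ("not-listed", None)

def triage_inventory(inventory):
    """Map {cluster name: version} to {cluster name: (status, fix)}."""
    return {name: triage(ver) for name, ver in inventory.items()}

# Constructed sample inventory (hypothetical cluster names and versions).
SAMPLE = {
    "ha-paris": "3.7.24",
    "ha-lyon": "3.7.25",
    "ha-lille": "3.11.9",
    "ha-nice": "v3.11.13",
    "ha-lab": "4.2.1",
    "ha-old": "3.7",
}

if __name__ == "__main__":
    for name, (status, fix) in triage_inventory(SAMPLE).items():
        print(f"{name:10} {SAMPLE[name]:10} {status:10} {fix or '-'}")
```

A "not-listed" result means the advisory does not cover that version, not that the version is safe.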

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Low
CVSS Base score: 5.8
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)

Exploit Code Maturity: High
Remediation Level: Official fix
Report Confidence: Confirmed
CVSS Temporal score: 5.6
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:H/RL:O/RC:C)

Confidentiality Requirement: High
Integrity Requirement: High
Availability Requirement: High
CVSS Environmental score: 6.4
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:H/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)