SNS : Split-brain mode on high-availability cluster (CVE-2021-3398)

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2021-001 CVE-2021-3398 11/24/2020 medium v1

Vulnerability details

A DoS attack on a SNS cluster can break the synchronisation between the master and the slave, leading to a split-brain mode, where both appliances are on “active” state.

Impacted products

ProductsSeverityDetail
Stormshield Network Security medium SNS is impacted

Revisions

Version Date Description
v1  02/09/2022 Initial release

 



Stormshield Network Security

CVSS v3.1 Overall Score: 6.4      

Analysis

Impacted version

By triggering this vulnerability, the SNS cluster is set on split-brain mode, where both master and slave are Active.
  • SNS 3.0.0 to 3.7.24
  • SNS 3.8.0 to 3.11.12

Workaround solution

Solution

There is no workaround solution.

The 3.7.25 and 3.11.13 updates fix this vulnerability.



Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Network Low None None Changed None None Low
CVSS Base score: 5.8 CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)
Exploit Code Maturity Remediation Level Report Confidence
High Official fix Confirmed
CVSS Temporal score: 5.6 CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:H/RL:O/RC:C)
Confidentiality Requirement Integrity Requirement Availability Requirement
High High High
CVSS Environmental score: 6.4 CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:H/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)