DoS on SNS Proxy

| Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
|---|---|---|---|---|
| STORM-2021-005 | CVE-2021-28096 | 03/08/2021 | medium | v1 |

Vulnerability details

Risk of a denial-of-service attack on the SNS proxy.

Impacted products

| Products | Severity | Detail |
|---|---|---|
| Stormshield Network Security | medium | impacted |
| Netasq | medium | impacted |

Revisions

| Version | Date | Description |
|---|---|---|
| v1 | 08/25/2021 | Initial release |
| v2 | 06/10/2021 | Update Fix versions |

 



Stormshield Network Security

CVSS v3.1 Overall Score: 4      

Analysis

An attacker can saturate the proxy connection table, which would result in the proxy denying any new connections.

There is no impact if the proxy is not used.

Impacted version

  • SNS 2.0.0 to 2.7.8
  • SNS 3.7.6 to 3.7.20
  • SNS 3.8.0 to 3.11.8
  • SNS 4.0.1 to 4.2.2

Workaround solution

If you don’t use the proxy, you are not impacted.

Apply QoS to the filtering rules that handle your proxied traffic.

If your proxy seems to be affected, you can unblock new connections by restarting your proxy with `nrestart tproxyd`.

Solution

The vulnerability is fixed in versions:

  • 3.7.21
  • 3.11.9
  • 4.2.3

 



| Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
|---|---|---|---|---|---|---|---|
| Adjacent Network | Low | None | None | Unchanged | None | None | Low |

CVSS Base score: 4.3
CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

| Exploit Code Maturity | Remediation Level | Report Confidence |
|---|---|---|
| Unproven that exploit exists | Official fix | Unknown |

CVSS Temporal score: 3.5
CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:U)

| Confidentiality Requirement | Integrity Requirement | Availability Requirement |
|---|---|---|
| Low | Low | High |

CVSS Environmental score: 4
CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:U/CR:L/IR:L/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)


Netasq

CVSS v3.1 Overall Score: 4      

Analysis

An attacker can saturate the proxy connection table, which would result in the proxy denying any new connections.

Impacted version

  • Netasq 9.0.9 to 9.1.11

Workaround solution

If you don’t use the proxy, you are not impacted.

Apply QoS to the filtering rules that handle your proxied traffic.

If your proxy seems to be affected, you can unblock new connections by restarting your proxy with `nrestart tproxyd`.

Solution

There is no solution.



| Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
|---|---|---|---|---|---|---|---|
| Adjacent Network | Low | None | None | Unchanged | None | None | Low |

CVSS Base score: 4.3
CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

| Exploit Code Maturity | Remediation Level | Report Confidence |
|---|---|---|
| Unproven that exploit exists | Official fix | Unknown |

CVSS Temporal score: 3.5
CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:U)

| Confidentiality Requirement | Integrity Requirement | Availability Requirement |
|---|---|---|
| Low | Low | High |

CVSS Environmental score: 4
CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:U/CR:L/IR:L/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)
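
To triage an appliance inventory against the impacted and fixed versions listed in this advisory, the following added example (not Stormshield code) compares firmware versions numerically and takes proxy usage into account. The pairing of each impacted range with a fixed release, the function names and the sample inventory are assumptions made for illustration.

```python
import re

# Ranges transcribed from this advisory: (product, first impacted, last impacted, fix).
# Pairing each range with the fixed release of the same branch is an assumption.
IMPACTED = [
    ("SNS", "2.0.0", "2.7.8", None),       # no 2.x fixed release is listed
    ("SNS", "3.7.6", "3.7.20", "3.7.21"),
    ("SNS", "3.8.0", "3.11.8", "3.11.9"),
    ("SNS", "4.0.1", "4.2.2", "4.2.3"),
    ("Netasq", "9.0.9", "9.1.11", None),   # advisory: "There is no solution"
]

def parse_version(text):
    """Turn '3.11.8' into (3, 11, 8) so that 3.11.8 sorts after 3.7.20."""
    match = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())

def triage(product, version, proxy_enabled):
    """Return (status, detail) for one appliance."""
    v = parse_version(version)
    for prod, low, high, fixed in IMPACTED:
        if prod.lower() != product.lower():
            continue
        if parse_version(low) <= v <= parse_version(high):
            if not proxy_enabled:
                return ("not exposed", "impacted version, but the proxy is not used")
            if fixed:
                return ("vulnerable", f"fixed in {fixed}")
            return ("vulnerable", "no fixed release listed; apply the QoS workaround")
    return ("not listed", "version is outside the advisory's impacted ranges")

# Constructed sample inventory: (hostname, product, firmware version, proxy in use)
INVENTORY = [
    ("fw-edge-01", "SNS", "3.7.20", True),
    ("fw-edge-02", "SNS", "3.11.8", True),
    ("fw-lab-01", "SNS", "4.2.2", False),
    ("fw-core-01", "SNS", "4.2.3", True),
    ("fw-legacy", "Netasq", "9.1.0", True),
]

def report(inventory):
    """Map each hostname to its triage result."""
    return {name: triage(prod, ver, proxy) for name, prod, ver, proxy in inventory}

if __name__ == "__main__":
    for name, (status, detail) in report(INVENTORY).items():
        print(f"{name:12} {status:12} {detail}")
```
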