Possible RCE by triggering ASQ vulnerability
Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
---|---|---|---|---|
STORM-2021-020 | CVE-2021-31617 | 04/22/2021 | high | v2 |
Vulnerability details
An error in the memory management of the ASQ module can lead to DoS or remote code execution.
Impacted products
Products | Severity | Detail |
---|---|---|
Stormshield Network Security | high | SNS is impacted |
Revisions
Version | Date | Description |
---|---|---|
v1 | 08/25/2021 | Initial release |
v2 | 12/08/2021 | Updating information |
Stormshield Network Security |
CVSS v3.1 Overall Score: 7.3 |
Analysis | Impacted version |
---|---|
An error in the memory management of the ASQ module can lead to DoS or remote code execution. The error is present in RTSP and MGCP protocol handling code. For the case of MGCP, it is only possible if the default protocol alarms are disabled. | |
Workaround solution | Solution |
---|---|
There is no workaround solution. | The vulnerability is fixed in versions: |
Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality Impact | Integrity Impact | Availability impact |
---|---|---|---|---|---|---|---|
Network | High | None | None | Unchanged | High | High | High |
CVSS Base score: 8.1 | CVSS Vector: (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) |
Exploit Code Maturity | Remediation Level | Report Confidence |
---|---|---|
Proof of concept code | Official fix | Confirmed |
CVSS Temporal score: 7.3 | CVSS Vector: (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C) |
Confidentiality Requirement | Integrity Requirement | Availability Requirement |
---|---|---|
High | High | High |
CVSS Environmental score: 7.3 | CVSS Vector: (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X) |