Vulnerability in DHCP server and client
Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
---|---|---|---|---|
STORM-2021-034 | CVE-2021-25217 | 05/26/2021 | medium | v2 |
Vulnerability details
A vulnerability in ISC-DHCP can allow an attacker to corrupt the lease management of the DHCP service.
Impacted products
Products | Severity | Detail |
---|---|---|
Stormshield Network Security | medium | SNS is impacted |
Netasq | medium | Netasq is impacted |
Revisions
Version | Date | Description |
---|---|---|
v1 | 08/25/2021 | Initial release |
v2 | 12/08/2021 | Updating information |
Stormshield Network Security |
CVSS v3.1 Overall Score: 4.4 |
Analysis |
Impacted version |
A vulnerability in ISC-DHCP allows an attacker to send a maliciously crafted packet in order to disturb the DHCP service. This happens only if the DHCP server or relay is activated on the SNS. This can also happen if some SNS interfaces are configured to use DHCP (only on SN160, SN210 and SN310 models for this special case). |
|
Workaround solution |
Solution |
There is no workaround solution. |
The vulnerability is fixed in versions:
|
Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality Impact | Integrity Impact | Availability impact |
---|---|---|---|---|---|---|---|
Adjacent Network | Low | None | None | Unchanged | None | None | Low |
CVSS Base score: 4.3 | CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) |
Exploit Code Maturity | Remediation Level | Report Confidence |
---|---|---|
Unproven that exploit exists | Official fix | Confirmed |
CVSS Temporal score: 3.8 | CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C) |
Confidentiality Requirement | Integrity Requirement | Availability Requirement |
---|---|---|
High | High | High |
CVSS Environmental score: 4.4 | CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X) |
Netasq |
CVSS v3.1 Overall Score: 4.4 |
Analysis |
Impacted version |
A vulnerability in ISC-DHCP allows an attacker to send a maliciously crafted packet in order to disturb the DHCP service. This happens only if the DHCP server or relay is activated on the appliance. |
|
Workaround solution |
Solution |
There is no workaround solution. |
9.1.12 |
Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality Impact | Integrity Impact | Availability impact |
---|---|---|---|---|---|---|---|
Adjacent Network | Low | None | None | Unchanged | None | None | Low |
CVSS Base score: 4.3 | CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) |
Exploit Code Maturity | Remediation Level | Report Confidence |
---|---|---|
Unproven that exploit exists | Official fix | Confirmed |
CVSS Temporal score: 3.8 | CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C) |
Confidentiality Requirement | Integrity Requirement | Availability Requirement |
---|---|---|
High | High | High |
CVSS Environmental score: 4.4 | CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X) |