Vulnerability in DHCP server and client
Vulnerability details
A vulnerability in ISC-DHCP can allow an attacker to corrupt lease management of DHCP service.
Impacted products
Revisions
Version |
Date |
Description |
v1 |
08/25/2021 |
Initial release |
v2 |
12/08/2021 |
Updating information |
Stormshield Network Security |
CVSS v3.1 Overall Score: 4.4 
|
Analysis
|
Impacted version
|
A vulnerability in ISC-DHCP allows an attacker to send a maliciously-crafted packed, in order to disturb the DHCP service.
This happens only if the DHCP server or relay is activated on the SNS
This can also happen if some SNS interfaces are configured to use DHCP (only on SN160, SN210 and SN310 models for this special case).
|
- SNS 2.0.0 to 2.7.8
- SNS 3.7.6 to 3.7.20
- SNS 3.8.0 to 3.11.8
- SNS 4.0.1 to 4.2.2
|
Workaround solution
|
Solution
|
There is no workaround solution.
|
The vulnerability is fixed in versions:
- 2.7.9
- 3.7.21
- 3.11.9
- 4.2.3
|
Attack Vector |
Attack Complexity |
Privileges Required |
User Interaction |
Scope |
Confidentiality Impact |
Integrity Impact |
Availability impact |
Adjacent Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
Exploit Code Maturity |
Remediation Level |
Report Confidence |
Unproven that exploit exists |
Official fix |
Confirmed |
Confidentiality Requirement |
Integrity Requirement |
Availability Requirement |
High |
High |
High |
Netasq |
CVSS v3.1 Overall Score: 4.4 
|
Analysis
|
Impacted version
|
A vulnerability in ISC-DHCP allows an attacker to send a maliciously-crafted packed, in order to disturb the DHCP service.
This happens only if the DHCP server or relay is activated on the appliance
|
|
Workaround solution
|
Solution
|
There is no workaround solution.
|
9.1.12
|
Attack Vector |
Attack Complexity |
Privileges Required |
User Interaction |
Scope |
Confidentiality Impact |
Integrity Impact |
Availability impact |
Adjacent Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
Exploit Code Maturity |
Remediation Level |
Report Confidence |
Unproven that exploit exists |
Official fix |
Confirmed |
Confidentiality Requirement |
Integrity Requirement |
Availability Requirement |
High |
High |
High |