Vulnerability in DHCP server and client

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2021-034 CVE-2021-25217 05/26/2021 medium v2

Vulnerability details

A vulnerability in ISC-DHCP can allow an attacker to corrupt lease management of DHCP service.

Impacted products

ProductsSeverityDetail
Stormshield Network Security medium SNS is impacted
Netasq medium Netasq is impacted

Revisions

Version Date Description
v1 08/25/2021 Initial release
v2 12/08/2021 Updating information

 



Stormshield Network Security

CVSS v3.1 Overall Score: 4.4      

Analysis

Impacted version

A vulnerability in ISC-DHCP allows an attacker to send a maliciously-crafted packed, in order to disturb the DHCP service.

This happens only if the DHCP server or relay is activated on the SNS

This can also happen if some SNS interfaces are configured to use DHCP (only on SN160, SN210 and SN310 models for this special case).
  • SNS 2.0.0 to 2.7.8
  • SNS 3.7.6 to 3.7.20
  • SNS 3.8.0 to 3.11.8
  • SNS 4.0.1 to 4.2.2

Workaround solution

Solution

There is no workaround solution.

The vulnerability is fixed in versions:

  • 2.7.9
  • 3.7.21
  • 3.11.9
  • 4.2.3


Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Adjacent Network Low None None Unchanged None None Low
CVSS Base score: 4.3 CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploit Code Maturity Remediation Level Report Confidence
Unproven that exploit exists Official fix Confirmed
CVSS Temporal score: 3.8 CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Confidentiality Requirement Integrity Requirement Availability Requirement
High High High
CVSS Environmental score: 4.4 CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)


Netasq

CVSS v3.1 Overall Score: 4.4      

Analysis

Impacted version

A vulnerability in ISC-DHCP allows an attacker to send a maliciously-crafted packed, in order to disturb the DHCP service.

This happens only if the DHCP server or relay is activated on the appliance
  • Netasq 9.1.0 to 9.1.11

Workaround solution

Solution

There is no workaround solution.

9.1.12



Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Adjacent Network Low None None Unchanged None None Low
CVSS Base score: 4.3 CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploit Code Maturity Remediation Level Report Confidence
Unproven that exploit exists Official fix Confirmed
CVSS Temporal score: 3.8 CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Confidentiality Requirement Integrity Requirement Availability Requirement
High High High
CVSS Environmental score: 4.4 CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)