SNS DoS when using SSL Proxy (CVE-2021-37613)
Vulnerability details
If the SSL proxy is enabled and decrypts the trafic, it is possible to crash the SNS by sending a specific traffic.
Impacted products
Revisions
Version |
Date |
Description |
v1 |
12/29/2021 |
Reserved publication |
v2 |
02/09/2022 |
Updated and disclosed |
Stormshield Network Security |
CVSS v3.1 Overall Score: 6.6 
|
Analysis
|
Impacted version
|
If the SSL proxy is enabled and is decrypting the traffic, some network transaction can be badly interpreted by the ASQ engine, leading to a reboot of the SNS.
|
- SNS 1.0.0 to 1.6.1
- SNS 2.0.0 to 2.7.8
- SNS 2.8.0 to 2.16.0
- SNS 3.0.0 to 3.7.24
- SNS 3.8.0 to 3.11.12
- SNS 4.0.0 to 4.2.7
|
Workaround solution
|
Solution
|
There is no workaround solution.
|
The vulnerability is fixed in versions
- 3.7.25
- 3.11.13
- 4.2.8
- 4.3.3
|
Attack Vector |
Attack Complexity |
Privileges Required |
User Interaction |
Scope |
Confidentiality Impact |
Integrity Impact |
Availability impact |
Adjacent Network |
High |
None |
None |
Unchanged |
None |
None |
High |
Exploit Code Maturity |
Remediation Level |
Report Confidence |
Functional exploit exists |
Official fix |
Confirmed |
Confidentiality Requirement |
Integrity Requirement |
Availability Requirement |
High |
High |
High |