OpenSSL’s SM2 decrypt algorithm vulnerability

Advisory ID: STORM-2021-054
CVE Number: CVE-2021-3711
Date discovered: 08/24/2021
Severity: medium
Advisory revision: v1

Vulnerability details

A vulnerability in OpenSSL’s SM2 decrypt algorithm has been discovered which, when successfully exploited, could lead to disclosure of sensitive information or denial of service.

Impacted products

Stormshield Network Security: medium, SNS is impacted


Version: v1
Date: 10/06/2021
Description: Initial release


Stormshield Network Security

CVSS v3.1 Overall Score: 5.6


Impacted version

Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information or cause a denial of service on the following services: SSL Proxy, SSL VPN, IPSec VPN, Certificate authentication.

  • SNS 4.2.2 to 4.2.4

Workaround solution


There is no workaround solution.

Version 4.2.5 fixes this vulnerability.

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low
CVSS Base score: 8.3
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L)

Exploit Code Maturity: Unproven that exploit exists
Remediation Level: Official fix
Report Confidence: Confirmed
CVSS Temporal score: 7.2
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C)

Confidentiality Requirement: Low
Integrity Requirement: Low
Availability Requirement: Low
CVSS Environmental score: 5.6
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)