OpenSSL’s SM2 decrypt algorithm vulnerability

Advisory ID: STORM-2021-054
CVE Number: CVE-2021-3711
Date discovered: 08/24/2021
Severity: medium
Advisory revision: v1

Vulnerability details

A vulnerability has been discovered in OpenSSL’s SM2 decrypt algorithm. Successful exploitation could lead to disclosure of sensitive information or denial of service.

Impacted products

Products: Stormshield Network Security
Severity: medium
Detail: SNS is impacted

Revisions

Version: v1
Date: 10/06/2021
Description: Initial release

Stormshield Network Security

CVSS v3.1 Overall Score: 5.6

Analysis

Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information or cause a denial of service on the following services: SSL Proxy, SSL VPN, IPSec VPN, Certificate authentication.

Impacted version

  • SNS 4.2.2 to 4.2.4

Workaround solution

There is no workaround solution.

Solution

SNS 4.2.5 fixes this vulnerability.



Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low
CVSS Base score: 8.3
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L)

Exploit Code Maturity: Unproven that exploit exists
Remediation Level: Official fix
Report Confidence: Confirmed
CVSS Temporal score: 7.2
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C)

Confidentiality Requirement: Low
Integrity Requirement: Low
Availability Requirement: Low
CVSS Environmental score: 5.6
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)