OpenSSL’s ASN.1parser vulnerability

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2021-055 CVE-2021-3712 08/24/2021 medium v2

Vulnerability details

A vulnerability in OpenSSL’s ASN.1 parser has been discoverd, which when successfully exploited could lead to disclosure of sensitive information or Denial of Service.

Impacted products

ProductsSeverityDetail
Stormshield Network Security medium SNS is impacted

Revisions

Version Date Description
v1 10/06/2021 Initial release
v2 12/08/2021 Updating information

 



Stormshield Network Security

CVSS v3.1 Overall Score: 5      

Analysis

Impacted version

The successful exploitation of this vulnerability could allow an attacker to disclosure of sensitive information or cause a denial of service on flowing services: SSL Proxy, SSL VPN, IPSec VPN, Certificate authentication.

 
  • SNS 2.0.0 to 2.7.8
  • SNS 2.8.0 to 2.16.0
  • SNS 3.0.0 to 3.7.20
  • SNS 3.8.0 to 3.11.8
  • SNS 4.0.0 to 4.2.4

Workaround solution

Solution

There is no workaround solution.

The vulnerability is fixed in versions:

  • 2.7.9
  • 3.7.21
  • 3.11.9
  • 4.2.5


Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Network Low None None Changed Low None Low
CVSS Base score: 7.2 CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L)
Exploit Code Maturity Remediation Level Report Confidence
Unproven that exploit exists Official fix Confirmed
CVSS Temporal score: 6.3 CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L/E:U/RL:O/RC:C)
Confidentiality Requirement (CR) Integrity Requirement (IR) Availability Requirement (AR)
Low Low Low
CVSS Environmental score: 5 CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L/E:U/RL:O/RC:C/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)