SNS: Numerous connections to OpenVPN service lead to loopback saturation (CVE-2022-23989)
| Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
|---|---|---|---|---|
| STORM-2022-003 | CVE-2022-23989 | 01/01/2022 | high | v1 |
Vulnerability details
Numerous connections on the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable.
Impacted products
| Products | Severity | Detail |
|---|---|---|
| Stormshield Network Security | high | SNS is impacted |
Revisions
| Version | Date | Description |
|---|---|---|
| v1 | 02/09/2022 |
Reserved Publication
|
| v2 | 03/15/2022 |
Updated and disclosed
|
Stormshield Network Security |
CVSS v3.1 Overall Score: 8.6
|
Analysis |
Impacted version |
|
An attacker could exploit this vulnerability via forged and properly timed traffic to cause a denial of service. |
|
Workaround solution |
Solution |
|
There is no workaround solution. |
The following versions fix this vulnerability:
|
| Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality Impact | Integrity Impact | Availability impact |
|---|---|---|---|---|---|---|---|
| Network | Low | None | None | Unchanged | None | None | High |
| CVSS Base score: 7.5 | CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) |
| Exploit Code Maturity | Remediation Level | Report Confidence |
|---|---|---|
| Functional exploit exists | Official fix | Confirmed |
| CVSS Temporal score: 7 | CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C) |
| Confidentiality Requirement | Integrity Requirement | Availability Requirement |
|---|---|---|
| High | High | High |
| CVSS Environmental score: 8.6 | CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X) |