SNS: Numerous connections to OpenVPN service lead to loopback saturation (CVE-2022-23989)

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2022-003 CVE-2022-23989 01/01/2022 high v1

Vulnerability details

Numerous connections on the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable.

Impacted products

Stormshield Network Security high SNS is impacted


Version Date Description
v1  02/09/2022
Reserved Publication
v2  03/15/2022
Updated and disclosed


Stormshield Network Security

CVSS v3.1 Overall Score: 8.6      


Impacted version

An attacker could exploit this vulnerability via forged and properly timed traffic to cause a denial of service.

  • SNS 3.0.0 to 3.7.24
  • SNS 3.8.0 to 3.11.12
  • SNS 4.0.0 to 4.2.9
  • SNS 4.3.0 to 4.3.4

Workaround solution


There is no workaround solution.

The following versions fix this vulnerability:

  • 3.7.25
  • 3.11.13
  • 4.2.10
  • 4.3.5

Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Network Low None None Unchanged None None High
CVSS Base score: 7.5 CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploit Code Maturity Remediation Level Report Confidence
Functional exploit exists Official fix Confirmed
CVSS Temporal score: 7 CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C)
Confidentiality Requirement Integrity Requirement Availability Requirement
High High High
CVSS Environmental score: 8.6 CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)