SNS: Dos due to OpenSSL certificate handling vulnerability (CVE-2022-0778)
Vulnerability details
Risk of DoS on SNS services due to OpenSSL certificate handling vulnerability
Impacted products
Revisions
Version |
Date |
Description |
v1 |
04/06/2022 |
Initial release |
Stormshield Network Security |
CVSS v3.1 Overall Score: 8.4 
|
Analysis
|
Impacted version
|
An attacker could exploit this vulnerability via forged certificate making services using SSL (VPNSSL, proxy , …) loop forever.
SNS may mitigate this vulnerability by restarting frozen services but the attacker will still be able to freeze them again.
|
-
SNS 2.7.0 to 2.7.9
-
SNS 3.7.0 to 3.7.26
-
SNS 3.11.0 to 3.11.14
-
SNS 4.2.0 to 4.2.10
-
SNS 4.3.0 to 4.3.6
|
Workaround solution
|
Solution
|
There is no workaround solution.
|
The following versions fix this vulnerability:
- 2.7.10
- 3.7.27
- 3.11.15
- 4.2.11
- 4.3.7
|
Attack Vector |
Attack Complexity |
Privileges Required |
User Interaction |
Scope |
Confidentiality Impact |
Integrity Impact |
Availability impact |
Network |
Low |
None |
None |
Unchanged |
None |
None |
High |
Exploit Code Maturity |
Remediation Level |
Report Confidence |
Proof of concept code |
Official fix |
Confirmed |
Confidentiality Requirement |
Integrity Requirement |
Availability Requirement |
High |
High |
High |