OpenSSL security release (CVE-2022-0778)

Advisory ID: STORM-2022-011
CVE Number: CVE-2022-0778
Date discovered: 03/21/2022
Severity: low
Advisory revision: v1

Vulnerability details

A vulnerability in OpenSSL (CVE-2022-0778), in a function that scans certificates, would allow an attacker to provoke a Denial of Service (DoS) on SMC in versions lower than 3.1.6.

Impacted products

Products: Stormshield Management Center
Severity: low
Detail: Impacted

Revisions

Version: v1
Date: 2022/03/25
Description: Initial release

 



Stormshield Management Center

CVSS v3.1 Overall Score: 2.3      

Analysis

A vulnerability in OpenSSL (CVE-2022-0778), in a function that scans certificates, would allow an attacker to provoke a Denial of Service (DoS) on SMC in versions lower than 3.1.6.

Impacted version

< v3.1.6

Workaround solution

Ensure all certificates imported on SMC come from a trusted Authority or PKI.

Solution

SMC v3.1.6



Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability impact: Low
CVSS Base score: 1.8
CVSS Vector: (AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)

Exploit Code Maturity: Proof of concept code
Remediation Level: Official fix
Report Confidence: Confirmed
CVSS Temporal score: 1.7
CVSS Vector: (AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C)

Confidentiality Requirement: Medium
Integrity Requirement: High
Availability Requirement: High
CVSS Environmental score: 2.3
CVSS Vector: (AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C/CR:M/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)