Stormshield Network VPN Client : Buffer Overflow on licence activation http interface

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2022-013 TGB_2022_001 03/01/2022 medium v1

Vulnerability details

An attacker intercepting http trafic between the client and the licence server could insert data to initiate a buffer overflow on the client side.

Impacted products

ProductsSeverityDetail
Stormshield Network VPN Client medium Stormshield Network VPN is impacted

Revisions

Version Date Description
v1  04/21/2022 Initial release

 



Stormshield Network VPN Client

CVSS v3.1 Overall Score: 5.5      

Analysis

Impacted version

An attacker intercepting http trafic between the client and the licence server could insert data to initiate a buffer overflow on the client side.

https://www.thegreenbow.com/fr/support/alertes-securite#deeplink-12523   (TGB_2022_001)

 

Workaround solution

Solution

There is no workaround solution.

The version 6.87.108 fixes this vulnerability.



Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Network High None Required Unchanged Low Low High
CVSS Base score: 6.4 CVSS Vector: (AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H)
Exploit Code Maturity Remediation Level Report Confidence
Functional exploit exists Official fix Unknown
CVSS Temporal score: 5.5 CVSS Vector: (AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H/E:F/RL:O/RC:U)
Confidentiality Requirement Integrity Requirement Availability Requirement
Medium Medium Medium
CVSS Environmental score: 5.5 CVSS Vector: (AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H/E:F/RL:O/RC:U/CR:M/IR:M/AR:M/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)