Using Untrusted URIs for Revocation Checking (CVE-2022-40617)
Vulnerability details
The VPN IPSec Service on SNS may use untrusted OSCP URIs and CRL distribution points in certificates.
Impacted products
Revisions
Version |
Date |
Description |
v1 |
11/17/2022 |
Reserved Publication |
v2 |
01/10/2023 |
Updated and disclosed |
Stormshield Network Security |
CVSS v3.1 Overall Score: 5.7 
|
Analysis
|
Impacted version
|
An attacker could exploit this vulnerability by crafting a certificate pointing to malicious website and causing a DOS of VPN IPSec service on SNS.
|
- SNS 3.11.1 to 3.11.19
- SNS 4.3.1 to 4.3.14
- SNS 4.5.1 to 4.5.3
|
Workaround solution
|
Solution
|
No workaround
|
The following versions fix this vulnerability:
|
Attack Vector |
Attack Complexity |
Privileges Required |
User Interaction |
Scope |
Confidentiality Impact |
Integrity Impact |
Availability impact |
Network |
Low |
None |
None |
Unchanged |
None |
None |
Low |
Exploit Code Maturity |
Remediation Level |
Report Confidence |
Functional exploit exists |
Official fix |
Confirmed |
Confidentiality Requirement |
Integrity Requirement |
Availability Requirement |
High |
High |
High |