D(HE)ater vulnerability on HTTPS

Advisory ID:        STORM-2023-004
CVE Number:         CVE-2002-20001
Date discovered:    02/11/2022
Severity:           medium
Advisory revision:  v3

Vulnerability details

When an HTTPS client negotiates a DHE (ephemeral Diffie-Hellman) cipher suite, the SNS HTTPS server performs a costly Diffie-Hellman computation for every handshake. An unauthenticated remote client that repeatedly triggers such handshakes can drive the firewall's CPU consumption up (the D(HE)ater attack, CVE-2002-20001).

Impacted products

Product                        Severity   Detail
Stormshield Network Security   medium     SNS is impacted

Revisions

Version   Date         Description
v1        02/21/2023   Initial release
v2        08/31/2023   Edit impacted versions
v3        11/22/2023   Add workaround solution


Stormshield Network Security

CVSS v3.1 Overall Score: 5.5

Analysis

Impacted versions

Negotiation of DHE cipher suites on the HTTPS server can lead to high CPU consumption (see Vulnerability details). The following releases are impacted:

  • SNS 2.7.0 to 4.3.15
  • SNS 4.4.0 to 4.6.3

Workaround solution

Solution

Disabling the following cipher suites in “Paranoiac mode” for SSL connections mitigates this vulnerability. All of them use ephemeral Diffie-Hellman (DHE) key exchange, which is what the attack relies on:

  • DHE-RSA-AES128-SHA
  • DHE-RSA-AES256-SHA
  • DHE-RSA-CAMELLIA128-SHA
  • DHE-RSA-CAMELLIA256-SHA
  • DHE-RSA-AES128-GCM-SHA256
  • DHE-RSA-AES256-GCM-SHA384
  • DHE-RSA-AES128-SHA256
  • DHE-RSA-AES256-SHA256

This can be done with the CONFIG AUTH HTTPS CLI command.

Please note that disabling these ciphers may prevent some browser versions from connecting to the HTTPS service.

See the Stormshield Knowledge Base for more information about SSL ciphers configuration:
Configuration Guide – SSL/TLS configuration for admin and user authentication on the SNS
How to list the webadmin page ciphers?
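To confirm from the outside that the workaround actually took effect, the following Python script (added here as an example; it is not Stormshield code and the advisory ships no such tool) opens a TLS 1.2 connection that offers nothing but DHE cipher suites. If the SNS HTTPS service still completes the handshake, a DHE suite is still enabled and the D(HE)ater condition persists; if it rejects the ClientHello, the workaround is in place. The host and port are placeholders to be replaced with the address of the SNS web administration or authentication service.

```python
"""Probe a TLS endpoint with a DHE-only ClientHello to verify the D(HE)ater workaround.

Added example (not Stormshield code). HOST/PORT below are placeholders.
"""
import socket
import ssl
import sys
from typing import Optional

# DHE-RSA suites listed in the advisory's workaround (copied from the advisory text).
ADVISORY_DHE_SUITES = (
    "DHE-RSA-AES128-SHA",
    "DHE-RSA-AES256-SHA",
    "DHE-RSA-CAMELLIA128-SHA",
    "DHE-RSA-CAMELLIA256-SHA",
    "DHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-GCM-SHA384",
    "DHE-RSA-AES128-SHA256",
    "DHE-RSA-AES256-SHA256",
)


def dhe_only_context() -> ssl.SSLContext:
    """Client context that offers only DHE suites, pinned to TLS 1.2.

    TLS 1.3 is excluded because it negotiates key exchange via named groups,
    not via suite names, so it would mask the result. Certificate validation is
    switched off on purpose: the probe only cares whether the handshake is accepted.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    # OpenSSL "DHE" alias = ephemeral DH key exchange; drop anonymous/null suites.
    ctx.set_ciphers("DHE:!aNULL:!eNULL")
    return ctx


def offered_dhe_suites() -> list:
    """Names of the TLS 1.2 suites the probe will offer; every one is DHE."""
    ctx = dhe_only_context()
    return sorted(c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3")


def probe_dhe(host: str, port: int = 443, timeout: float = 5.0) -> Optional[str]:
    """Return the DHE suite the server negotiated, or None if it refused the
    DHE-only ClientHello with a TLS alert.

    Transport errors (unreachable host, timeout, connection reset) are not
    swallowed: "could not connect" must never be read as "not vulnerable".
    """
    ctx = dhe_only_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.cipher()[0]
        except ssl.SSLError:
            return None


def verdict(negotiated: Optional[str]) -> str:
    """Turn a probe result into the one-line answer an operator wants."""
    if negotiated is None:
        return "DHE refused: workaround in place"
    if negotiated in ADVISORY_DHE_SUITES:
        return f"DHE accepted ({negotiated}): suite listed in the advisory, still exposed"
    return f"DHE accepted ({negotiated}): DHE suite not in the advisory list, still exposed"


if __name__ == "__main__":
    # Placeholder address (TEST-NET-1); pass the real SNS address and port on the command line.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(verdict(probe_dhe(host, port)))
```

Run it as `python3 probe_dhe.py <sns-address> <port>` before and after applying the workaround: the first run should report a negotiated DHE suite, the second should report that DHE was refused. A server that silently drops the connection instead of sending a handshake-failure alert surfaces as a transport error rather than a verdict; inspect such a case by hand rather than assuming it is fixed.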


The following versions fix this vulnerability:

  • 4.3.16
  • 4.6.3
  • 4.7.0


CVSS v3.1 base metrics
  Attack Vector:           Network
  Attack Complexity:       Low
  Privileges Required:     None
  User Interaction:        None
  Scope:                   Unchanged
  Confidentiality Impact:  None
  Integrity Impact:        None
  Availability Impact:     Low
CVSS Base score: 5.3
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVSS v3.1 temporal metrics
  Exploit Code Maturity:   Proof of concept code
  Remediation Level:       Official fix
  Report Confidence:       Confirmed
CVSS Temporal score: 4.8
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C)

CVSS v3.1 environmental metrics
  Confidentiality Requirement:  High
  Integrity Requirement:        High
  Availability Requirement:     High
  Modified base metrics:        not defined
CVSS Environmental score: 5.5
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)