L2TP & PPP protocols causing an Mpd5 crash

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2023-017 CVE-2020-7466 , CVE-2020-7465 01/01/2023 low v1

Vulnerability details

PPP and L2TP protocol implementation are subject to a memory corruption vulnerability that could lead to a crash of Mpd5 daemon. It could also lead to a potential RCE in the case of L2TP.

Impacted products

Stormshield Network Security low SNS is impacted


Version Date Description
v1 04/11/2023 Reserved Publication
v2 05/25/2023 Updated and disclosed

Stormshield Network Security

CVSS v3.1 Overall Score: 3      


Impacted version

An attacker needs to inject crafted packets between dial-in and dial-out in order to trigger a crash of Mpd5 daemon or an RCE. In the case of PPP the crafted message is an authentication message and in the case of L2TP it’s a control packet.



  • SNS 4.0.0 to 4.3.16
  • SNS 4.4.0 to 4.5.0

Workaround solution


There is no workaround solution.

The following versions fix this vulnerability

  • 4.3.17
  • 4.5.0

Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Adjacent Network High None None Unchanged None Low Low
CVSS Base score: 4.2 CVSS Vector: (AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploit Code Maturity Remediation Level Report Confidence
Unproven that exploit exists Official fix Reasonable
CVSS Temporal score: 3.5 CVSS Vector: (AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:R)
Confidentiality Requirement Integrity Requirement Availability Requirement
Low Low Medium
CVSS Environmental score: 3 CVSS Vector: (AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:R/CR:L/IR:L/AR:M/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)