Wrong filter policy with DHCP

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2023-019 CVE-2023-34198 03/03/2023 low v4

Vulnerability details

If the interface configured in “DHCP client mode” is turned off, the network object IPs related to this interface are changed to “any” in the filter rules

Impacted products

ProductsSeverityDetail
Stormshield Network Security low SNS is impacted

Revisions

Version Date Description
v1 06/16/2023 Publication
v2 06/19/2023 Update versions
v3 06/19/2023 Update description and fix CVSS scoring


Stormshield Network Security

CVSS v3.1 Overall Score: 3.3      

Analysis

Impacted version

If a filter rule is created with a network object created from an interface in “DHCP client mode“, and that interface is turned to off, the network object is considered as “Any“.

Note: network object created from an interface in “DHCP client mode” (like “network_) covers adjacent network provided by the DHCP service. So it’s typically restricted to distributed IP and his gateway, provided by the ISP. Usage of this network object in filtering rules is really unusual.

 

 
  • SNS 1.0.0 to 3.7.36
  • SNS 3.8.0 to 3.11.24
  • SNS 4.0.0 to 4.3.18
  • SNS 4.4.0 to 4.6.5
  • SNS 4.7.0

Workaround solution

Solution

  • If you disable an interface in DHCP client mode, set a temporary IP address rather than DHCP.
  • Do not use interface’s network objects if the interface is in DHCP mode and disabled.

The following versions fix this vulnerability

  • 3.7.37
  • 3.11.25
  • 4.3.19
  • 4.6.6
  • 4.7.1


Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Adjacent Network Low None None Unchanged None Low None
CVSS Base score: 4.3 CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploit Code Maturity Remediation Level Report Confidence
Proof of concept code Official fix Confirmed
CVSS Temporal score: 3.9 CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C)
Confidentiality Requirement Integrity Requirement Availability Requirement
High Low Low
CVSS Environmental score: 3.3 CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C/CR:H/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)