SNS: Possible user enumeration with NSRPC

SNS: Possible user enumeration with NSRPC

Advisory ID	CVE Number	Date discovered	Severity	Advisory revision
STORM-2023-027	CVE-2023-41166	07/13/2023	medium	v2

Vulnerability details

It may be possible to check if a user account exists on a SNS firewall.

Impacted products

Products	Severity	Detail
Stormshield Network Security	medium	SNS is impacted

Revisions

Version	Date	Description
v1	08/21/2023	Initial release
v2	12/15/2023	Update and disclose

Stormshield Network Security

CVSS v3.1 Overall Score: 4.2

Analysis	Impacted version
It’s possible to know if a specific user account exists on the SNS firewall by using remote access commands.	SNS 3.7.0 to 3.7.39 SNS 3.11.0 to 3.11.27 SN 4.3.0 to 4.3.22 SNS 4.6.0 to 4.6.9 SNS 4.7.0 to 4.7.1

Workaround solution

Solution

Block access to port 1300 from the OUT interface.

The following version will fix the issue :

SNS 4.3.23
SNS 4.6.10
SNS 4.7.2

Attack Vector	Attack Complexity	Privileges Required	User Interaction	Scope	Confidentiality Impact	Integrity Impact	Availability impact
Network	Low	None	None	Unchanged	Low	None	None

CVSS Base score: 5.3	CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploit Code Maturity	Remediation Level	Report Confidence
Proof of concept code	Workaround	Confirmed

CVSS Temporal score: 4.9	CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:C)

Confidentiality Requirement (CR)	Integrity Requirement (IR)	Availability Requirement (AR)
Low	Low	Low

CVSS Environmental score: 4.2	CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:C/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)

RSS Feed Contact Report a vulnerability Legal terms STORMSHIELD Corporate website Personal Data