SNS: ICMP packets vulnerability

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2023-031 CVE-2023-47093 08/22/2023 low v3

Vulnerability details

An issue was discovered in the ASQ in Stormshield Network Security (SNS) products.

Impacted products

Stormshield Network Security low SNS is impacted


Version Date Description
v1 10/13/2023 Initial release
v2 12/15/2023 Update & disclosed

Stormshield Network Security

CVSS v3.1 Overall Score: 3.2      


Impacted version

Sendind specific crafted ICMP packets to the firewall may lead to a crash of the ASQ engine.

  • SNS 4.0.0 through 4.3.21
  • SNS 4.4.0 through 4.6.8
  • SNS 4.7.0

Workaround solution


Disable AutoICMP on the analysis profile:

setconf ~/ConfigFiles/Protocols/icmp/00 IPS AutoICMP 0
setconf ~/ConfigFiles/Protocols/icmp/01 IPS AutoICMP 0

The following versions will fix this vulnerability:

  • SNS 4.3.22
  • SNS 4.6.9
  • SNS 4.7.1

Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Adjacent Network Low None None Unchanged None None Low
CVSS Base score: 4.3 CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploit Code Maturity Remediation Level Report Confidence
Unproven that exploit exists Official fix Confirmed
CVSS Temporal score: 3.8 CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Confidentiality Requirement Integrity Requirement Availability Requirement
Low Low Low
CVSS Environmental score: 3.2 CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)