OpenVPN DDoS risks
Vulnerability details
A vulnerability has been identified in the OpenVPN service embedded in SNS products. An attacker could exploit it with specifically crafted packets to cause a denial of service of the OpenVPN daemon.
Impacted products
Revisions
| Version | Date | Description |
| --- | --- | --- |
| v1 | 02/13/2024 | Initial release |
| v2 | 04/10/2024 | Update and disclosed |
| v3 | 05/28/2024 | Update corrective versions |
| v4 | 05/29/2024 | Update corrective versions |
| v5 | 05/30/2024 | Update impacted versions |
| v6 | 08/07/2024 | Update corrective versions |
Stormshield Network Security | CVSS v3.1 Overall Score: 5.1

| Analysis | Impacted version |
| --- | --- |
| Control Channel in OpenVPN allows remote attackers to cause a denial of service via a specifically crafted reset packet. | SNS 4.4.0 to 4.7.2, SNS 4.3.0 to 4.3.25 |

| Workaround solution | Solution |
| --- | --- |
| There is no workaround solution. | The following versions fix this vulnerability: |

| Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Network | Low | None | None | Unchanged | None | None | High |

| Exploit Code Maturity | Remediation Level | Report Confidence |
| --- | --- | --- |
| Proof of concept code | Official fix | Confirmed |

| Confidentiality Requirement | Integrity Requirement | Availability Requirement |
| --- | --- | --- |
| Low | Low | Low |
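
The overall score of 5.1 follows from the metric tables above under the CVSS v3.1 equations; this added example (not part of the Stormshield advisory) recomputes it. The weights are those of the FIRST CVSS v3.1 specification, and it assumes no Modified base metrics are set, so the environmental score reuses the base values.

```python
import math

# Metric values copied from the advisory's tables.
ADVISORY = {"AV": "Network", "AC": "Low", "PR": "None", "UI": "None",
            "C": "None", "I": "None", "A": "High",
            "E": "Proof of concept code", "RL": "Official fix", "RC": "Confirmed",
            "CR": "Low", "IR": "Low", "AR": "Low"}

# Weights from the CVSS v3.1 specification, Scope Unchanged (the advisory's case).
# Temporal weights are listed only for the values this advisory uses.
W = {"AV": {"Network": 0.85, "Adjacent": 0.62, "Local": 0.55, "Physical": 0.2},
     "AC": {"Low": 0.77, "High": 0.44},
     "PR": {"None": 0.85, "Low": 0.62, "High": 0.27},
     "UI": {"None": 0.85, "Required": 0.62},
     "CIA": {"None": 0.0, "Low": 0.22, "High": 0.56},
     "REQ": {"Low": 0.5, "Medium": 1.0, "High": 1.5},
     "E": {"Proof of concept code": 0.94},
     "RL": {"Official fix": 0.95},
     "RC": {"Confirmed": 1.0}}

def roundup(x):
    """CVSS v3.1 Roundup: smallest one-decimal value >= x, float-safe."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0

def cvss31_scores(m):
    """Return (base, temporal, environmental) for a Scope Unchanged vector."""
    expl = 8.22 * W["AV"][m["AV"]] * W["AC"][m["AC"]] * W["PR"][m["PR"]] * W["UI"][m["UI"]]
    c, i, a = (W["CIA"][m[k]] for k in ("C", "I", "A"))
    cr, ir, ar = (W["REQ"][m[k]] for k in ("CR", "IR", "AR"))
    t_mult = W["E"][m["E"]] * W["RL"][m["RL"]] * W["RC"][m["RC"]]

    impact = 6.42 * (1 - (1 - c) * (1 - i) * (1 - a))
    base = roundup(min(impact + expl, 10)) if impact > 0 else 0.0
    temporal = roundup(base * t_mult)

    # Environmental: each impact is scaled by its security requirement.
    # Assumption: Modified base metrics are Not Defined, so base values are reused.
    miss = min(1 - (1 - c * cr) * (1 - i * ir) * (1 - a * ar), 0.915)
    m_impact = 6.42 * miss
    env = roundup(roundup(min(m_impact + expl, 10)) * t_mult) if m_impact > 0 else 0.0
    return base, temporal, env

if __name__ == "__main__":
    base, temporal, env = cvss31_scores(ADVISORY)
    print(f"base={base} temporal={temporal} environmental={env}")
```

The Low Availability Requirement (weight 0.5) halves the availability impact term, which is how a network-reachable, unauthenticated denial of service with a base score of 7.5 ends up published at 5.1. A deployment where VPN availability matters more would rescore it with its own requirement values.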