SSTIC-2024 / Bypassing firewall filtering rules using DHCP

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2024-021 03/01/2024 low v1

Vulnerability details

During SSTIC 2024, a presentation demonstrated an attack on firewalls exploiting DHCP, suggesting that SNS might be vulnerable.

Impacted products

Stormshield Network Security low Not Impacted


Version Date Description
v1 05/06/2024 Initial release

Stormshield Network Security

CVSS v3.1 Overall Score: 0      


Impacted version


Rogue DHCP Attack is type of attack aims to perform address spoofing, where the attacker exploits a standard routing behavior that prioritizes routing to the smallest network.

SNS Behavior:

Through its IPS mechanism and address spoofing detection, SNS offers an adequate countermeasure to detect and block this type of attack. These mechanisms are enabled by default and are detailed here: Stormshield Documentation.

Attack Execution:

As indicated in the SSTIC 2024 presentation, On SNS it is imperative to disable the IPS and anti-spoofing protections of SNS, which are enabled by default, to carry out this attack.

However, in the default configuration, SNS, with its anti-spoofing protections, will detect the use of an IP that does not belong to this interface and will block the packet by raising an IP spoofing alarm (Type 2), resulting in the disconnection of the connection and preventing the attacker from reaching the server.


SNS is not vulnerable in standard usage scenarios.

No version is impacted

Workaround solution



Use the recommended configuration available here Stormshield Documentation.

Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Adjacent Network Low None None Changed None None None
CVSS Base score: 0 CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N)
Exploit Code Maturity Remediation Level Report Confidence
Proof of concept code Official fix Reasonable
CVSS Temporal score: 0 CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N/E:P/RL:O/RC:R)
Confidentiality Requirement Integrity Requirement Availability Requirement
Low Low Low
CVSS Environmental score: 0 CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N/E:P/RL:O/RC:R/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)


Thanks to Olivier Bal-Pétré for this report