DoS risk with IPv6 packets

Advisory ID: STORM-2024-029
CVE Number: CVE-2024-44078
Date discovered: 07/11/2024
Severity: medium
Advisory revision: v1

Vulnerability details

If Stealth mode is disabled in the SNS firmware configuration, spamming IPv6 packets can cause a denial of service (DoS).

Impacted products

Products: Stormshield Network Security
Severity: medium
Detail: SNS is impacted

Revisions

Version Date Description
v1 03/24/2025 Initial release


Stormshield Network Security

CVSS v3.1 Overall Score: 6.7      

Analysis

Impacted version

If Stealth mode is disabled in the SNS configuration, spamming the SNS appliance with IPv6 packets can cause a denial of service.

To check that Stealth mode is enabled, go to the following page in the SNS UTM administration webpage:
– Configuration > Application Protection > Protocols > IP Protocols > IP (Stealth mode should be enabled on that page)

  • SNS 4.3.0 to 4.3.36
  • SNS 4.7.0 to 4.7.10
  • SNS 4.8.0 to 4.8.8

Workaround solution

Solution

Enable Stealth Mode on the SNS firewall.

The following firmware updates will fix this vulnerability:

  • SNS 4.3.37
  • SNS 4.8.9
  • SNS 5.0.0
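
The following is an added example, not code from Stormshield or from this advisory: a small triage script that classifies appliances against the affected ranges and fixed releases listed above. The inventory entries, function names and status labels are constructed for illustration, the Stealth mode flag is assumed to be a value the operator read from the administration page, and recommending the lowest listed fixed release when a branch has no fix of its own is a choice made by this example.

```python
import re

# Ranges and fixed releases copied from this advisory (bounds are inclusive).
AFFECTED = [((4, 3, 0), (4, 3, 36)), ((4, 7, 0), (4, 7, 10)), ((4, 8, 0), (4, 8, 8))]
FIXED = [(4, 3, 37), (4, 8, 9), (5, 0, 0)]

def parse_version(text):
    """Parse 'X.Y.Z' (optionally prefixed 'SNS ' or 'v') into a tuple of ints."""
    m = re.fullmatch(r"\s*(?:SNS\s+)?v?(\d+)\.(\d+)\.(\d+)\s*", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())

def next_fixed(version):
    """Lowest listed fixed release above `version`, preferring the same branch."""
    same_branch = [f for f in FIXED if f[:2] == version[:2] and f > version]
    candidates = same_branch or [f for f in FIXED if f > version]
    return min(candidates) if candidates else None

def triage(version_text, stealth_enabled):
    """Return (status, recommended_fix) for one appliance.

    stealth_enabled is an assumed input: what the operator saw on the
    IP protocol page of the administration interface.
    """
    v = parse_version(version_text)
    # Tuple comparison is numeric, so 4.3.4 sorts below 4.3.36
    # (a plain string comparison would get this wrong).
    if not any(lo <= v <= hi for lo, hi in AFFECTED):
        return ("not-listed", None)
    fix = ".".join(map(str, next_fixed(v)))
    status = "mitigated-by-workaround" if stealth_enabled else "exposed"
    return (status, fix)

# Constructed inventory: (hostname, firmware version, Stealth mode enabled?)
INVENTORY = [
    ("fw-edge-01", "4.3.36", False),
    ("fw-edge-02", "SNS 4.7.10", True),
    ("fw-core-01", "4.8.9", False),
    ("fw-lab-01", "4.3.4", True),
]

if __name__ == "__main__":
    for host, ver, stealth in INVENTORY:
        status, fix = triage(ver, stealth)
        print(f"{host:12} {ver:12} {status:24} upgrade to: {fix or '-'}")
```

"not-listed" means only that the version falls outside the ranges this advisory names; it makes no statement about versions the advisory does not mention.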

 



Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
CVSS Base score: 7.5
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Exploit Code Maturity: Unproven that exploit exists
Remediation Level: Workaround
Report Confidence: Confirmed
CVSS Temporal score: 6.7
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:W/RC:C)

Confidentiality Requirement (CR): Medium
Integrity Requirement (IR): Medium
Availability Requirement (AR): Medium
CVSS Environmental score: 6.7
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:W/RC:C/CR:M/IR:M/AR:M/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)