Malformed ECDSA signature accepted

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2024-031 CVE-2024-45750 09/19/2024 medium v1

Vulnerability details

During the IKEv2 Authentication phase, the VPN client accepts malformed ECDSA signatures and establishes the tunnel.

Impacted products

ProductsSeverityDetail
Stormshield Network VPN Client medium impacted

Revisions

Version Date Description
v1 09/24/2024 Initial release


Stormshield Network VPN Client

CVSS v3.1 Overall Score: 5.3      

Analysis

Impacted version

During the IKEv2 Authentication phase, the VPN client accepts malformed ECDSA signatures and establishes the tunnel.
  • Stormshield VPN Client Standard 6.87 and earlier
  • Stormshield VPN Client Exclusive 7.5 and earlier

Workaround solution

Solution

There is no workaround solution.
  • For Stormshield VPN Client Standard use the patch “Patch VULN EC IS 1992.zip
  • For Stormshield VPN Client Exclusive use the patch “Patch EC VULN IS 1986.zip

The installation and patch verification procedures:

Installation Procedure:

  • Download the patch from https://mystormshield.eu/
  • Close the VPN client.
  • Rename the file “C:\Program Files\Stormshield\Network VPN Client\TgbIkeNg.exe” to “TgbIkeNg.old”.
  • Copy the new “TgbIkeNg.exe” file from the zip file into the same folder.
  • Restart the VPN client.

To ensure the patch has been applied correctly:

  • For Stormshield VPN Client Standard : After installing the patch, check that the version of the “TgbIkeNg.exe” file has changed from 6.8.7.011 to 6.8.7.012 by going to the “About” menu.
  • For Stormshield VPN Client Exclusive : After the patch installation, ensure that the version of the “TgbIkeNg.exe” file has updated from 7.5.007 to 7.5.1.009 by accessing the “About” menu.


Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Network High High None Unchanged High None None
CVSS Base score: 4.4 CVSS Vector: (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)
Exploit Code Maturity Remediation Level Report Confidence
Unproven that exploit exists Official fix Confirmed
CVSS Temporal score: 3.9 CVSS Vector: (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Confidentiality Requirement (CR) Integrity Requirement (IR) Availability Requirement (AR)
High Low Low
CVSS Environmental score: 5.3 CVSS Vector: (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C/CR:H/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)