OpenSSL vulnerability [CVE-2014-3567]

Advisory ID | CVE Number | Date discovered | Severity | Advisory revision
STORM-2014-003 | CVE-2014-3567 | 10/16/2014 | medium | v1

Vulnerability details

A memory leak allows remote attackers to cause a denial of service via a crafted session ticket that triggers an integrity-check failure.

Impacted products

Products | Severity | Detail
Stormshield Network Security | low | SNS uses a vulnerable version of OpenSSL
Stormshield Endpoint Security | medium | SES uses a vulnerable version of OpenSSL
Fast360 | medium | Fast360 uses a vulnerable version of OpenSSL
Netasq | low | Netasq uses a vulnerable version of OpenSSL

Revisions

Version | Date | Description
v1 | 10/23/2014 | Initial release

 



Stormshield Network Security

CVSS v2 Overall Score: 2.8      

Analysis

The vulnerability can be exploited on the SSL proxy and on the administration and authentication portal components.

The attack can be performed when these services are reachable from the attacker’s network.

Impacted version

  • SNS 1.0.0 to 1.1.3

Workaround solution

Disable the implicit filtering rules on authentication, webadmin and SSL VPN, then replace them with more restrictive rules on sources of connections.

Solution

A new version of the product will provide the security patches needed.



Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact
Network | Low | None | None | None | Partial
CVSS Base score: 5 | CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability | Remediation Level | Report Confidence
Unproven that exploit exists | Official fix | Confirmed
CVSS Temporal score: 3.7 | CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Collateral Damage Potential | Target Distribution
None | Medium [26-75%]
CVSS Environmental score: 2.8 | CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C/CDP:N/TD:M/CR:ND/IR:ND/AR:ND)


Stormshield Endpoint Security

CVSS v2 Overall Score: 4.3      

Analysis

The successful exploitation of this vulnerability could allow an attacker to cause a denial of service on the Apache server bundled with the Stormshield Endpoint Security server. The successful exploitation of this vulnerability could also allow an attacker to cause a denial of service on the framework.exe process (either on an agent or a server). Stormshield Endpoint Security is configured to automatically restart those processes in case of unexpected failure, so the interruption of service is limited.

The temporary unavailability of the Apache process on a server may delay the registration of newly installed agents.

The temporary unavailability of the framework.exe process running on a server may delay the processing of new logs and the application of a new security policy on agents.

The temporary unavailability of the framework.exe process running on an agent has no security impact: the security policy is still applied even if the framework.exe process is unavailable.

Impacted version

  • SES 6.0.15 and 7.1.02

Workaround solution

There is no workaround solution.

Solution

The 6.0.17 and 7.1.04 updates correct this vulnerability.



Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact
Network | Low | None | None | None | Partial
CVSS Base score: 5 | CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability | Remediation Level | Report Confidence
Unproven that exploit exists | Official fix | Confirmed
CVSS Temporal score: 3.7 | CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Collateral Damage Potential | Target Distribution
Low | High [76-100%]
CVSS Environmental score: 4.3 | CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C/CDP:L/TD:H/CR:ND/IR:ND/AR:ND)


Fast360

CVSS v2 Overall Score: 4.5      

Analysis

To cause a denial of service, an attacker must exploit the vulnerability on one of the following components:

  • Administration. In this case, attacks can be performed from the ‘Admin from’ network.
  • Akauth. If Akauth is enabled, attacks can be performed from networks and hosts used as sources in filtering rules using Akauth.

The denial of service causes the appliance to reboot on versions equal to or later than 5.0/29 and 6.0/1.

For prior versions, the denial of service results in some services being randomly killed.

Impacted version

  • Fast360 5.0/16 to 5.0/32
  • Fast360 6.0/1 to 6.0/6

Workaround solution

To limit the scope of the attack, check that the ‘Admin from’ network and the filtering rules using Akauth are set to be as restrictive as possible.

Solution

A new version of the product will provide the security patches needed.



Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact
Adjacent Network | Low | None | None | None | Complete
CVSS Base score: 6.1 | CVSS Vector: (AV:A/AC:L/Au:N/C:N/I:N/A:C)

Exploitability | Remediation Level | Report Confidence
Unproven that exploit exists | Official fix | Confirmed
CVSS Temporal score: 4.5 | CVSS Vector: (AV:A/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Collateral Damage Potential | Target Distribution
None | High [76-100%]
CVSS Environmental score: 4.5 | CVSS Vector: (AV:A/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)


Netasq

CVSS v2 Overall Score: 3.7      

Analysis

The vulnerability can be exploited on the SSL proxy and on the administration and authentication portal components.

The attack can be performed when these services are reachable from the attacker’s network.

Impacted version

  • Netasq 9.0.0 to 9.1.3

Workaround solution

Disable the implicit filtering rules on authentication, webadmin and SSL VPN, then replace them with more restrictive rules on sources of connections.

Solution

A new version of the product will provide the security patches needed.


Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact
Network | Low | None | None | None | Partial
CVSS Base score: 5 | CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability | Remediation Level | Report Confidence
Unproven that exploit exists | Official fix | Confirmed
CVSS Temporal score: 3.7 | CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Collateral Damage Potential | Target Distribution
None | High [76-100%]
CVSS Environmental score: 3.7 | CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)
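
The base, temporal and environmental scores in the four product blocks above follow from their vector strings. The script below is an added example, not part of the Stormshield advisory: it implements the CVSS v2 equations with the specification's metric weights so the published scores can be re-derived. The names W, TABLE, DEFAULTS, r1 and score are chosen here for illustration, and half-up rounding to one decimal is an assumption of this example.

```python
from decimal import Decimal as D, ROUND_HALF_UP

# Metric weights from the CVSS v2 specification (strings keep Decimal exact).
W = {
    "AV": {"L": "0.395", "A": "0.646", "N": "1.0"},
    "AC": {"H": "0.35", "M": "0.61", "L": "0.71"},
    "Au": {"M": "0.45", "S": "0.56", "N": "0.704"},
    "CIA": {"N": "0", "P": "0.275", "C": "0.660"},
    "E": {"U": "0.85", "POC": "0.9", "F": "0.95", "H": "1", "ND": "1"},
    "RL": {"OF": "0.87", "TF": "0.90", "W": "0.95", "U": "1", "ND": "1"},
    "RC": {"UC": "0.90", "UR": "0.95", "C": "1", "ND": "1"},
    "CDP": {"N": "0", "L": "0.1", "LM": "0.3", "MH": "0.4", "H": "0.5", "ND": "0"},
    "TD": {"N": "0", "L": "0.25", "M": "0.75", "H": "1", "ND": "1"},
    "REQ": {"L": "0.5", "M": "1", "H": "1.51", "ND": "1"},
}
TABLE = {"C": "CIA", "I": "CIA", "A": "CIA", "CR": "REQ", "IR": "REQ", "AR": "REQ"}
DEFAULTS = "E:ND/RL:ND/RC:ND/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND"

def r1(x):
    """Round to one decimal place (half up, an assumption of this example)."""
    return x.quantize(D("0.1"), rounding=ROUND_HALF_UP)

def score(vector):
    """Return (base, temporal, environmental) scores for a CVSS v2 vector."""
    m = {}
    for part in (DEFAULTS + "/" + vector.strip("() ")).split("/"):
        name, value = part.split(":")
        m[name] = D(W[TABLE.get(name, name)][value])  # KeyError if unknown

    def impact(c, i, a):
        return D("10.41") * (1 - (1 - c) * (1 - i) * (1 - a))

    def base(imp):
        exploitability = 20 * m["AV"] * m["AC"] * m["Au"]
        f = D(0) if imp == 0 else D("1.176")
        return r1((D("0.6") * imp + D("0.4") * exploitability - D("1.5")) * f)

    t = m["E"] * m["RL"] * m["RC"]  # temporal multiplier
    b = base(impact(m["C"], m["I"], m["A"]))
    # Environmental: re-weight impact by CR/IR/AR, cap at 10, then apply CDP and TD.
    adj_imp = min(D(10), impact(m["C"] * m["CR"], m["I"] * m["IR"], m["A"] * m["AR"]))
    adj_temporal = r1(base(adj_imp) * t)
    env = r1((adj_temporal + (10 - adj_temporal) * m["CDP"]) * m["TD"])
    return b, r1(b * t), env

if __name__ == "__main__":
    # Environmental vector of the Stormshield Network Security block above.
    v = "(AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C/CDP:N/TD:M/CR:ND/IR:ND/AR:ND)"
    print([str(s) for s in score(v)])
```

Replacing the CDP, TD, CR, IR and AR values in a vector with those of your own deployment gives the environmental score for that deployment.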