ECDHE server keys vulnerability
| Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
|---|---|---|---|---|
| STORM-2014-004 | 12/17/2014 | low | v1 |
Vulnerability details
A vulnerability has been found in the implementation of TLS on some Stormshield products.
In the affected products, elliptic curve keys used to negotiate an encryption key are the same on every firewall. This allows an attacker to retrieve the negotiated key and decrypt data.
The attacker must be able to capture the encrypted traffic.
Impacted products
| Products | Severity | Detail |
|---|---|---|
| Netasq | low | A static elliptic curve key is used in some versions of the product. |
Revisions
| Version | Date | Description |
|---|---|---|
| v1 | 12/17/2014 | Initial release |
Netasq |
CVSS v2 Overall Score: 1.3
|
Analysis |
Impacted version |
|
A vulnerability has been found in the implementation of TLS on Netasq firewalls 9.0.6 to 9.0.9. Elliptic curve keys used to negotiate an encryption key are the same on every impacted firewalls. This allows an attacker to retrieve the negotiated key and decrypt data. The attacker must be able to capture the encrypted traffic. This vulnerability impacts the SSL proxy, VPN SSL, authentication portal and administration portal. Successful exploitation of this vulnerability may allow an attacker to read encrypted data as clear-text.
|
|
Workaround solution |
Solution |
|
It is possible to deactivate TLS elliptic curve usage with the CLI console. You can check if ECDHE is activated on your firewall with this command: config auth show You will see some cipher suites with the ECDHE prefix. You can deactivate ECDHE with the command: config auth https cipherlist=AES128-SHA config auth activate config auth show SslCipher section should now only contain SslCipher [SslCipher] AES128-SHA You can add additional cipher with the command: config auth https cipherlist=X,Y |
This vulnerability will not be fixed in the affected products. We strongly recommend you to update your firewall with the latest 9.1 version. |
| Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact |
|---|---|---|---|---|---|
| Network | Medium | None | Complete | None | None |
| CVSS Base score: 7.1 | CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:N/A:N) |
| Exploitability | Remediation Level | Report Confidence |
|---|---|---|
| Unproven that exploit exists | Official fix | Confirmed |
| CVSS Temporal score: 5.3 | CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C) |
| Collateral Damage Potential | Target Distribution |
|---|---|
| None | Low [0-25%] |
| CVSS Environmental score: 1.3 | CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C/CDP:N/TD:L/CR:ND/IR:ND/AR:ND) |