NSRPC client module size badly checked

Advisory ID | CVE Number | Date discovered | Severity | Advisory revision
STORM-2016-001 | | 04/15/2016 | low | v1

Vulnerability details

The NSRPC client does not properly check the size of the module sent by the server.

An attacker in a man-in-the-middle position can replace the module sent by the server to the client with a weak one, then brute-force the response in order to determine the client's secret and the cipher key.

The attacker can then obtain the administrator password hash and use it to connect to the appliance.

Impacted products

Products | Severity | Detail
Stormshield Network Security | low | SNS embeds a vulnerable version of NSRPC
Netasq | low | Netasq embeds a vulnerable version of NSRPC

Revisions

Version | Date | Description
v1 | 15/04/2015 | Initial release

 



Stormshield Network Security

CVSS v2 Overall Score: 3.2      

Analysis

nsrpc is a tool used by administrators to connect to the appliance.

Impacted version

  • all nsrpc versions prior to this one

Workaround solution

There is no workaround solution.

Solution

  • Windows: "Apr 28 2016 13:56:31"
  • Linux 32b: "May 11 2016 17:52:19"
  • Linux 64b: "May 11 2016 18:06:37"


Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact
Adjacent Network | Medium | None | Complete | None | None
CVSS Base score: 5.7 | CVSS Vector: (AV:A/AC:M/Au:N/C:C/I:N/A:N)

Exploitability | Remediation Level | Report Confidence
Unproven that exploit exists | Official fix | Confirmed
CVSS Temporal score: 4.2 | CVSS Vector: (AV:A/AC:M/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)

Collateral Damage Potential | Target Distribution
None | Medium [26-75%]
CVSS Environmental score: 3.2 | CVSS Vector: (AV:A/AC:M/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C/CDP:N/TD:M/CR:ND/IR:ND/AR:ND)


Netasq

CVSS v2 Overall Score: 3.2      

Analysis

nsrpc is a tool used by administrators to connect to the appliance.

Impacted version

  • all nsrpc versions prior to this one

Workaround solution

There is no workaround solution.

Solution

  • Windows: "Apr 28 2016 13:56:31"
  • Linux 32b: "May 11 2016 17:52:19"
  • Linux 64b: "May 11 2016 18:06:37"


Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact
Adjacent Network | Medium | None | Complete | None | None
CVSS Base score: 5.7 | CVSS Vector: (AV:A/AC:M/Au:N/C:C/I:N/A:N)

Exploitability | Remediation Level | Report Confidence
Unproven that exploit exists | Official fix | Confirmed
CVSS Temporal score: 4.2 | CVSS Vector: (AV:A/AC:M/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)

Collateral Damage Potential | Target Distribution
None | Medium [26-75%]
CVSS Environmental score: 3.2 | CVSS Vector: (AV:A/AC:M/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C/CDP:N/TD:M/CR:ND/IR:ND/AR:ND)