Headline
CVE-2021-45885: SNS: Lack of old ssh password cleanup
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password.
Advisory ID
CVE Number
Date discovered
Severity
Advisory revision
STORM-2021-069
CVE-2021-45885
12/13/2021
high
v1
Vulnerability details
Under specific update migration scenario, the first ssh password change does not properly clean the old one.
Impacted products
Products
Severity
Detail
Stormshield Network Security
high
SNS is impacted
Revisions
Version
Date
Description
v1
12/29/2021
Initial release
Stormshield Network Security
CVSS v3.1 Overall Score: 8.7 
Analysis
Impacted version
When migrating from versions <= 4.1.8 to version between 4.2.2 and 4.2.7 included : only for the first occurence, when a ssh password change is done, the previous password is not properly cleared.
- SNS 4.2.2 – 4.2.7
Workaround solution
Solution
Manually clean up specific secret repository on the SNS : please refer to our acknowledgement base for detailed procedure.
- Version 4.2.8 fix vulnerabilty
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability impact
Adjacent Network
Low
None
None
Changed
High
High
High
CVSS Base score: 9.6
CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploit Code Maturity
Remediation Level
Report Confidence
Proof of concept code
Official fix
Confirmed
CVSS Temporal score: 8.6
CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C)
Confidentiality Requirement
Integrity Requirement
Availability Requirement
Medium
Medium
Medium
CVSS Environmental score: 8.7
CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C/CR:M/IR:M/AR:M/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)