Headline
CVE-2023-26095: SIP DDOS risks | Stormshield security
ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a crafted SIP packet.
SIP DDOS risks
| Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
|---|---|---|---|---|
| STORM-2023-007 | CVE-2023-26095 | 01/04/2023 | high | v1 |
Vulnerability details
The SNS is vulnerable to a crash when NATing a specially crafted SIP packet.
Impacted products
| Products | Severity | Detail |
|---|---|---|
| Stormshield Network Security | high | SNS is impacted |
Revisions
| Version | Date | Description |
|---|---|---|
| v1 | 02/21/2023 | Initial release |
Stormshield Network Security
**CVSS v3.1 Overall Score: 8.1**
Analysis
The SNS is vulnerable to a crash when NATing a specially crafted SIP packet.
Impacted version
- 4.3.15
- SNS 4.6.0 to 4.6.2
Workaround solution
Deactivate the intrusion prevention (IPS) for the protocol SIP.
Solution
The following versions fix this vulnerability:
- 4.3.16
- 4.6.3
| Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality Impact | Integrity Impact | Availability impact |
|---|---|---|---|---|---|---|---|
| Network | Low | None | None | Unchanged | None | None | High |
CVSS Base score: 7.5
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
| Exploit Code Maturity | Remediation Level | Report Confidence |
|---|---|---|
| Unproven that exploit exists | Official fix | Confirmed |
CVSS Temporal score: 6.5
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| Confidentiality Requirement | Integrity Requirement | Availability Requirement |
|---|---|---|
| High | High | High |
CVSS Environmental score: 8.1
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)