Headline
CVE-2022-27812: SNS : risk of DOS on SNS firewall
Flooding an SNS firewall 3.7.0 to 3.7.26 with UDP or ICMP traffic that randomizes the source, through internal-to-internal or external-to-internal interfaces, overworks the firewall. It consumes 100% CPU and 100% RAM, becomes unavailable, and can crash.

| Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
|---|---|---|---|---|
| STORM-2022-009 | CVE-2022-27812 | 11/22/2021 | medium | v2 |

Vulnerability details
Risk of DoS on SNS
Impacted products

| Products | Severity | Detail |
|---|---|---|
| Stormshield Network Security | medium | SNS is impacted |

Revisions

| Version | Date | Description |
|---|---|---|
| v1 | 04/06/2022 | Reserved Publication |
| v2 | 07/26/2022 | Updated and disclosed |

Stormshield Network Security
**CVSS v3.1 Overall Score: 5.3**
Analysis
Flooding the firewall with specific forged traffic can lead to an SNS DoS.

Impacted version
- SNS 3.7.0 to 3.7.29
- SNS 3.11.0 to 3.11.17
- SNS 4.2.0 to 4.2.10
- SNS 4.3.0 to 4.3.6

Workaround solution
There is no workaround solution.

Solution
The following versions fix this vulnerability:
- 3.7.30
- 3.11.18
- 4.2.11
- 4.3.7

| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability impact | High |

CVSS Base score: 7.5
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

| Metric | Value |
|---|---|
| Exploit Code Maturity | Functional exploit exists |
| Remediation Level | Official fix |
| Report Confidence | Confirmed |

CVSS Temporal score: 7
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C)

| Metric | Value |
|---|---|
| Confidentiality Requirement | Low |
| Integrity Requirement | Low |
| Availability Requirement | Low |

CVSS Environmental score: 5.3
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C/CR:L/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)