CVE-2022-23989

{"id": "CVE-2022-23989", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-03-15T21:15:09.603", "references": [{"url": "https://advisories.stormshield.eu/2022-003", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service."}, {"lang": "es", "value": "En Stormshield Network Security (SNS) antes de la versi\u00f3n 3.7.25, de la 3.8.x a la 3.11.x antes de la 3.11.13, de la 4.x antes de la 4.2.10 y de la 4.3.x antes de la 4.3.5, una avalancha de conexiones al servicio SSLVPN podr\u00eda provocar la saturaci\u00f3n de la interfaz de loopback. Esto podr\u00eda resultar en el bloqueo de casi todo el tr\u00e1fico de red, haciendo que el firewall sea inalcanzable. Un atacante podr\u00eda explotar esto a trav\u00e9s de un tr\u00e1fico falsificado y debidamente cronometrado para causar una denegaci\u00f3n de servicio"}], "lastModified": "2022-03-24T20:24:41.953", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stormshield:network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B796566-AC85-486F-B961-E541E1159BD6", "versionEndExcluding": "3.7.25", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:stormshield:network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DAF9A3F-2B07-4148-80A8-96ADBBD1937E", "versionEndExcluding": "3.11.13", "versionStartIncluding": "3.8.0"}, {"criteria": "cpe:2.3:a:stormshield:network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "008F3752-0F64-4B4E-9A81-7351490403C0", "versionEndExcluding": "4.2.10", "versionStartIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:stormshield:network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FF8B9D6-09C1-4A0E-8A45-AA3CD3A40355", "versionEndExcluding": "4.3.5", "versionStartIncluding": "4.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}