certfr_avis - certfr-2024-avi-0804

CERTFR-2024-AVI-0804

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Stormshield. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.4.x à 4.7.x antérieures à 4.7.9
Stormshield	Stormshield Network Security	Stormshield Network Security versions antérieures à 4.3.30
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.8.x antérieures à 4.8.3
Stormshield	Stormshield Network VPN Client	Stormshield VPN Client Exclusive sans le correctif de sécurité EC VULN IS 1986
Stormshield	Stormshield Network VPN Client	Stormshield VPN Client Standard sans le correctif de sécurité VULN EC IS 1992

References

Title

Publication Time

Tags

Bulletin de sécurité StormShield 2024-030	2024-09-24	vendor-advisory
Bulletin de sécurité Stormshield 2024-031	2024-09-25	vendor-advisory
Bulletin de sécurité Stormshield 2024-024	2024-09-24	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Stormshield Network Security versions 4.4.x \u00e0 4.7.x ant\u00e9rieures \u00e0 4.7.9",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions ant\u00e9rieures \u00e0 4.3.30",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 4.8.x ant\u00e9rieures \u00e0 4.8.3",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield VPN Client Exclusive  sans le correctif de s\u00e9curit\u00e9 EC VULN IS 1986",
      "product": {
        "name": "Stormshield Network VPN Client",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield VPN Client Standard sans le correctif de s\u00e9curit\u00e9 VULN EC IS 1992",
      "product": {
        "name": "Stormshield Network VPN Client",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-39706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39706"
    },
    {
      "name": "CVE-2024-45750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45750"
    },
    {
      "name": "CVE-2024-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
    }
  ],
  "initial_release_date": "2024-09-25T00:00:00",
  "last_revision_date": "2024-09-25T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0804",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Stormshield. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Network Security",
  "vendor_advisories": [
    {
      "published_at": "2024-09-24",
      "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-030",
      "url": "https://advisories.stormshield.eu/2024-030/"
    },
    {
      "published_at": "2024-09-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2024-031",
      "url": "https://advisories.stormshield.eu/2024-031/"
    },
    {
      "published_at": "2024-09-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2024-024",
      "url": "https://advisories.stormshield.eu/2024-024/"
    }
  ]
}

CVE-2024-3596 (GCVE-0-2024-3596)

Vulnerability from cvelistv5

Published

2024-07-09 12:02

Modified

2025-09-04 21:05

Severity ?

9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

Summary

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

References

URL

Tags

	https://datatracker.ietf.org/doc/html/rfc2865
	https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
	https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
	https://www.blastradius.fail/
	http://www.openwall.com/lists/oss-security/2024/07/09/4
	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
	https://cert-portal.siemens.com/productcert/html/ssa-794185.html	vendor-advisory
	https://cert-portal.siemens.com/productcert/html/ssa-723487.html	vendor-advisory

Impacted products

	Vendor	Product	Version
	IETF	RFC	Version: 2865

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ietf:rfc:2865:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "rfc",
            "vendor": "ietf",
            "versions": [
              {
                "status": "affected",
                "version": "2865"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-3596",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T03:55:37.141738Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-04T21:05:25.373Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-29T14:32:14.851Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20240822-0001/"
          },
          {
            "url": "https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://datatracker.ietf.org/doc/html/rfc2865"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.blastradius.fail/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/07/09/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RFC",
          "vendor": "IETF",
          "versions": [
            {
              "status": "affected",
              "version": "2865"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks to Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl who researched and reported this vulnerability"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-328: Use of Weak Hash",
              "lang": "en"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-03T17:29:16.788Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://datatracker.ietf.org/doc/html/rfc2865"
        },
        {
          "url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"
        },
        {
          "url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
        },
        {
          "url": "https://www.blastradius.fail/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/07/09/4"
        },
        {
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014"
        },
        {
          "name": "Siemens Security Advisory by Siemens ProductCERT for  SIPROTEC, SICAM and related product",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-794185.html"
        },
        {
          "name": "Siemens Security Advisory by Siemens ProductCERT to SCALANCE, RUGGEDCOM and related products.",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-723487.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.",
      "x_generator": {
        "engine": "VINCE 3.0.4",
        "env": "prod",
        "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3596"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2024-3596",
    "datePublished": "2024-07-09T12:02:53.001Z",
    "dateReserved": "2024-04-10T15:09:45.391Z",
    "dateUpdated": "2025-09-04T21:05:25.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45750 (GCVE-0-2024-45750)

Vulnerability from cvelistv5

Published

2024-09-25 00:00

Modified

2024-09-26 19:02

Severity ?

7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE

Summary

An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client 6.4.5 (and older) VPN Client Linux 3.4 (and older), VPN Client MacOS 2.4.10 (and older) allows a remote attacker to execute arbitrary code via the IKEv2 Authentication phase, it accepts malformed ECDSA signatures and establishes the tunnel.

References

URL

Tags

	https://thegreenbow.com
	https://www.thegreenbow.com/en/support/security-alerts/#deeplink-17024

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:thegreenbow:android_vpn:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "android_vpn",
            "vendor": "thegreenbow",
            "versions": [
              {
                "lessThanOrEqual": "6.4.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:thegreenbow:vpn_client_linux:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vpn_client_linux",
            "vendor": "thegreenbow",
            "versions": [
              {
                "lessThanOrEqual": "3.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:thegreenbow:windows_standard_vpn:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "windows_standard_vpn",
            "vendor": "thegreenbow",
            "versions": [
              {
                "lessThanOrEqual": "6.87.108",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:thegreenbow:windows_enterprise_vpn:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "windows_enterprise_vpn",
            "vendor": "thegreenbow",
            "versions": [
              {
                "lessThanOrEqual": "7.5.007",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:thegreenbow:vpn_client_macos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vpn_client_macos",
            "vendor": "thegreenbow",
            "versions": [
              {
                "lessThanOrEqual": "2.4.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-45750",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T18:48:36.428721Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-287",
                "description": "CWE-287 Improper Authentication",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T19:02:46.569Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client 6.4.5 (and older) VPN Client Linux 3.4 (and older), VPN Client MacOS 2.4.10 (and older) allows a remote attacker to execute arbitrary code via the IKEv2 Authentication phase, it accepts malformed ECDSA signatures and establishes the tunnel."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-25T17:44:35.717372",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://thegreenbow.com"
        },
        {
          "url": "https://www.thegreenbow.com/en/support/security-alerts/#deeplink-17024"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-45750",
    "datePublished": "2024-09-25T00:00:00",
    "dateReserved": "2024-09-06T00:00:00",
    "dateUpdated": "2024-09-26T19:02:46.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTFR-2024-AVI-0804

Vulnerability from certfr_avis

Solutions

CVE-2024-3596 (GCVE-0-2024-3596)

Vulnerability from cvelistv5

CVE-2024-45750 (GCVE-0-2024-45750)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature