Lucene search

K
cve[email protected]CVE-2020-11711
HistoryAug 25, 2023 - 4:15 p.m.

CVE-2020-11711

2023-08-2516:15:07
CWE-79
web.nvd.nist.gov
24
stormshield
sns
cve-2020-11711
stored xss
ssl vpn
admin panel
credential theft

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.2%

An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim’s browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form.

Affected configurations

NVD
Node
stormshieldstormshield_network_securityRange3.6.03.7.13
OR
stormshieldstormshield_network_securityRange3.8.03.11.0
OR
stormshieldstormshield_network_securityRange4.0.04.1.1

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.2%

Related for CVE-2020-11711