Vulnerability Description
An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Stormshield | Stormshield Network Security | >= 3.6.0, < 3.7.13 |
Related Weaknesses (CWE)
References
- https://advisories.stormshield.eu/2020-011/ (Vendor Advisory)
- https://twitter.com/_ACKNAK_ (Not Applicable)
- https://www.digitemis.com/category/blog/actualite/ (Not Applicable)
FAQ
What is CVE-2020-11711?
CVE-2020-11711 is a vulnerability with a CVSS score of 4.8 (MEDIUM). An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel....
How severe is CVE-2020-11711?
CVE-2020-11711 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11711?
Check the references section above for vendor advisories and patch information. Affected products include: Stormshield Stormshield Network Security.