IMPORTANT
SNS 3.x versions have been in End of Maintenance since July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
Resolved vulnerabilities in SNS 3.10.1
ClamAV
The vulnerability CVE-2019-15961, which would enable denial of service attacks through specially crafted e-mails, was fixed with the upgrade of the ClamAV antivirus engine.
Details on this vulnerability can be found on our website https://advisories.stormshield.eu.
Command line
The SNS command line service (serverd) was vulnerable to brute-force attacks only through protected interfaces, and only when access to the administration server over port 1300 was allowed in the configuration of implicit rules. This flaw has been fixed.
Details on this vulnerability can be found on our website https://advisories.stormshield.eu.
RTSP protocol
Support reference 70716
A flaw in the IPS analysis of the RTSP protocol with the interleaving function, mainly used by IP cameras, would occasionally cause the appliance to restart. This flaw has been fixed.
Note that interleaving support is not enabled in the factory configuration.
Authentication portal
New checks are now conducted during the verification of parameters used in the URL of the firewall's captive portal.
Details on this vulnerability (CVE-2020-8430) can be found on our website https://advisories.stormshield.eu.
Libfetch library
The vulnerability CVE-2020-7450 was fixed after a security patch was applied to the FreeBSD libfetch library.
Details on this vulnerability can be found on our website https://advisories.stormshield.eu.
CLI / Serverd commands
The CLI / Serverd command CONFIG AUTOUPDATE SERVER has been enhanced so that the use of the "url" parameter is now better monitored.
Certificates and PKI
Additional checks have been implemented when certificates are processed, in order to prevent the execution of JavaScript that can be embedded in specially crafted certificates for malicious purposes.
Details on this vulnerability can be found on our website https://advisories.stormshield.eu.
Web administration interface
Checks are now conducted during the verification of parameters used in the URL of the firewall's web administration interface.
Details on this vulnerability can be found on our website https://advisories.stormshield.eu.