Resolved vulnerabilities in SNS 4.1.3
OpenSSL
Vulnerability CVE-2020-1968 (Raccoon attack) was fixed after the OpenSSL component was upgraded to version 1.0.2x.
Vulnerability CVE-2020-1971, which can cause a denial of service attack if a CRL in the firewall's PKI was previously compromised, was fixed after the OpenSSL component was upgraded to version 1.0.2x.
Details on this vulnerability can be found on our website https://advisories.stormshield.eu.
FreeBSD - ICMPv6
Vulnerability CVE-2020-7469, regarding the management of error messages in the ICMPv6 network stack, which could lead to use-after-free attacks, was fixed after the FreeBSD security patch was applied.
Details on this vulnerability can be found on our website https://advisories.stormshield.eu.
Authentication by certificate
Additional controls have been set up to detect occurrences of the special character "*" in the e-mail address field of certificates. These controls make it possible to stop interpreting this character in requests to the LDAP directory, as it could allow unjustified connections to the firewall.
Details on this vulnerability can be found on our website https://advisories.stormshield.eu.