CVE-2021-3398

Vulnerability

An integer overflow vulnerability exists in the high-availability component of Stormshield Network Security (SNS) versions 3.0.0 through 3.7.24 and 3.8.0 through 3.11.12. This flaw can break synchronization between master and slave nodes in an SNS cluster, leading to a split-brain scenario where both appliances become active simultaneously [1].

Exploitation

An attacker with network access to the SNS cluster can trigger a denial-of-service (DoS) attack that exploits the integer overflow. No authentication, user interaction, or special privileges are required. The attack vector is network-based with low complexity, and the scope is changed (impacting the cluster's availability) [1].

Impact

Successful exploitation results in a split-brain mode where both master and slave nodes are active, causing cluster instability and degraded availability. The confidentiality and integrity of data are not directly affected, but the availability impact is low (CVSS 5.8, vector AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L) [1].

Mitigation

Stormshield released fixed versions 3.7.25 and 3.11.13 to resolve this vulnerability. No workaround solution is available. Affected users should upgrade to these patched releases immediately [1].