CVE-2020-11711

Severity Score

4.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form.

*Credits: N/A

CVSS Scores

NISTv3.1 4.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-04-12 CVE Reserved
2023-08-25 CVE Published
2024-08-04 CVE Updated
2024-08-31 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (3)

URL	Tag	Source
https://twitter.com/_ACKNAK_	Not Applicable
https://www.digitemis.com/category/blog/actualite	Not Applicable

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://advisories.stormshield.eu/2020-011	2023-08-31

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Stormshield Search vendor "Stormshield"		Stormshield Network Security Search vendor "Stormshield" for product "Stormshield Network Security"				>= 3.6.0 < 3.7.13 Search vendor "Stormshield" for product "Stormshield Network Security" and version " >= 3.6.0 < 3.7.13"		-		Affected
Stormshield Search vendor "Stormshield"		Stormshield Network Security Search vendor "Stormshield" for product "Stormshield Network Security"				>= 3.8.0 < 3.11.0 Search vendor "Stormshield" for product "Stormshield Network Security" and version " >= 3.8.0 < 3.11.0"		-		Affected
Stormshield Search vendor "Stormshield"		Stormshield Network Security Search vendor "Stormshield" for product "Stormshield Network Security"				>= 4.0.0 < 4.1.1 Search vendor "Stormshield" for product "Stormshield Network Security" and version " >= 4.0.0 < 4.1.1"		-		Affected