CVE-2020-11711

Name of the Vulnerable Software and Affected Versions Stormshield SNS version 3.8.0

Description An issue was discovered in the admin login panel, allowing authenticated Stored XSS, which can lead to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel and rendered on the authentication interface, enabling the injection of malicious HTML content to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface. Additionally, an unsecured authentication form is present on the SSL VPN captive portal, allowing users to save credentials inside the browser, which could be stolen via the stored XSS without user interaction. Another possible exploitation is the modification of the authentication form into a malicious form.

Recommendations For Stormshield SNS version 3.8.0, consider disabling the ability to upload disclaimer files from the admin panel as a temporary workaround until a patch is available. Restrict access to the admin panel and the SSL VPN captive portal to minimize the risk of exploitation. Avoid saving credentials inside the browser when using the unsecured authentication form on the SSL VPN captive portal. At the moment, there is no information about a newer version that contains a fix for this vulnerability.