Open Redirect Vulnerability in Stormshield Network Security Devices
CVE-2020-8430
6.1 MEDIUM
What is CVE-2020-8430?
Stormshield Network Security 310 devices are susceptible to an Open Redirect vulnerability affecting the captive portal. This vulnerability allows attackers to manipulate the 'rurl' parameter in a malicious query string, enabling redirection to untrusted sites. For example, an attacker can use 'rurl=//example.com' instead of the intended 'rurl=https://example.com', potentially leading users to phishing sites or other harmful endpoints. Users of the affected versions should apply necessary updates and safeguards to mitigate these risks.
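The following added example is not Stormshield code. It shows a redirect-target check that lets the scheme-relative form 'rurl=//example.com' through, next to a stricter check that rejects it. The allow-listed host and both function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only external host the portal may redirect to (constructed value).
ALLOWED_HOSTS = {"portal.example.internal"}


def naive_is_safe(rurl: str) -> bool:
    """Weak check: validates the host only when an explicit scheme is present."""
    if rurl.startswith(("http://", "https://")):
        return urlsplit(rurl).hostname in ALLOWED_HOSTS
    # Everything else is assumed to be a local path, so '//example.com' passes.
    return True


def strict_is_safe(rurl: str) -> bool:
    """Accept same-site absolute paths or https URLs to allow-listed hosts."""
    # Control characters, whitespace and backslashes have no place in a
    # redirect target and are parsed inconsistently, so reject them outright.
    if any(ord(c) <= 0x20 or c == "\\" for c in rurl):
        return False
    # A leading '//' is a scheme-relative URL: the browser keeps the current
    # scheme and treats what follows as a host name.
    if rurl.startswith("//"):
        return False
    try:
        parts = urlsplit(rurl)
    except ValueError:
        return False  # malformed authority component
    if not parts.scheme and not parts.netloc:
        return rurl.startswith("/")  # plain same-site path
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS


if __name__ == "__main__":
    # Constructed sample values for the rurl parameter.
    samples = [
        "/status",
        "https://portal.example.internal/welcome",
        "https://example.com",
        "//example.com",
    ]
    for value in samples:
        print(f"{value!r:45} naive={naive_is_safe(value)} strict={strict_is_safe(value)}")
```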
