CVE-2020-11711: An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious dis...

Description

An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form.

Metrics

CVSS 3.1

4.8/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS Probability

0.40%

31.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Stormshield	Stormshield Network Security	>= 3.6.0, < 3.7.13
Stormshield	Stormshield Network Security	>= 3.8.0, < 3.11.0
Stormshield	Stormshield Network Security	>= 4.0.0, < 4.1.1

References

https://advisories.stormshield.eu/2020-011/Vendor Advisory
https://twitter.com/_ACKNAK_Not Applicable
https://www.digitemis.com/category/blog/actualite/Not Applicable
https://advisories.stormshield.eu/2020-011/Vendor Advisory
https://twitter.com/_ACKNAK_Not Applicable
https://www.digitemis.com/category/blog/actualite/Not Applicable

Timeline

Published: Aug 25, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-11711?

An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form.

How severe is CVE-2020-11711?

CVE-2020-11711 has a CVSS score of 4.8/10 (MEDIUM severity). The EPSS model estimates a 0.40% probability of exploitation in the next 30 days.

How do I fix CVE-2020-11711?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.