CVE-2023-22843
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
Summary
An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will be stored and can later be executed by another legitimate user viewing the details of such a rule. Via stored Cross-Site Scripting (XSS), an attacker may be able to perform unauthorized actions on behalf of legitimate users and/or gather sensitive information. JavaScript injection was possible in the contents for Yara rules, while limited HTML injection has been proven for packet and STYX rules.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Nozomi Networks | Guardian | 0 < 22.6.2 | affected |
| Nozomi Networks | CMC | 0 < 22.6.2 | affected |
Weaknesses
- CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Workarounds
Use internal firewall features to limit access to the web management interface.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.