CVE-2023-23903

Summary

An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error.

The whole application in rendered unusable until a console intervention.

Affected Software

VendorProductVersion RangeStatus
Nozomi NetworksGuardian0 < 22.6.2affected
Nozomi NetworksCMC0 < 22.6.2affected

Weaknesses

  • CWE-1286: CWE-1286 Improper Validation of Syntactic Correctness of Input

Workarounds

Use internal firewall features to limit access to the web management interface.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References