CVE-2023-24015

Summary

A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.

The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.

Affected Software

VendorProductVersion RangeStatus
Nozomi NetworksGuardian0 < 22.6.2affected
Nozomi NetworksCMC0 < 22.6.2affected

Weaknesses

  • CWE-1286: CWE-1286 Improper Validation of Syntactic Correctness of Input

Workarounds

Use internal firewall features to limit access to the web management interface.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References