CVE-2023-5253

Summary

A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication.

Malicious unauthenticated users with knowledge on the underlying system may be able to extract limited asset information.

Affected Software

VendorProductVersion RangeStatus
Nozomi NetworksGuardian0 < 23.3.0affected
Nozomi NetworksCMC0 < 23.3.0affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

Workarounds

Use internal firewall features to limit access to the web management interface.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References