HIGH🇬🇧 English

CVE-2023-32649

CVSS 8.2v4.0pub. 2023-09-19upd. 2024-11-21

A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets. During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Nozominetworks Cmc

    APP
    Nozominetworks
    22.6.0 – 22.6.3 (bez)23.0.0 – 23.1.0 (bez)
  • Nozominetworks Guardian

    APP
    Nozominetworks
    22.6.0 – 22.6.3 (bez)23.0.0 – 23.1.0 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth BypassDoS
CWE
Referencje

Powiązane podatności

CVE-2023-29245CRITICAL9.2ten sam produkt

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain...

CVE-2025-40898HIGH7.2ten sam produkt

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient...

CVE-2025-40892HIGH7.1ten sam produkt

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper valida...

CVE-2025-40886HIGH7.7ten sam produkt

A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input...

CVE-2025-3719HIGH7.2ten sam produkt

An access control vulnerability was discovered in the CLI functionality due to a specific access restriction n...