A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets. During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XNozominetworks Cmc
APPNozominetworks22.6.0 – 22.6.3 (bez)23.0.0 – 23.1.0 (bez)Nozominetworks Guardian
APPNozominetworks22.6.0 – 22.6.3 (bez)23.0.0 – 23.1.0 (bez)
Related vulnerabilities
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain...
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient...
A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper valida...
A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input...
An access control vulnerability was discovered in the CLI functionality due to a specific access restriction n...