Lucene search

[email protected]CVE-2023-29245

HistorySep 19, 2023 - 11:16 a.m.

CVE-2023-29245

2023-09-1911:16:18

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

nozomi networks guardian

cmc

asset intelligence

ids

cve-2023-29245

network security

vulnerability

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.1%

JSON

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sending specially crafted malicious network packets.

Malicious users with extensive knowledge on the underlying system may be able to extract arbitrary information from the DBMS in an uncontrolled way, or to alter its structure and data.

Affected configurations

NVD

Node

nozominetworkscmcRange22.6.0–22.6.3

nozominetworkscmcRange23.0.0–23.1.0

nozominetworksguardianRange22.6.0–22.6.3

nozominetworksguardianRange23.0.0–23.1.0

CPENameOperatorVersion
nozominetworks:cmcnozominetworks cmclt22.6.3
nozominetworks:cmcnozominetworks cmclt23.1.0
nozominetworks:guardiannozominetworks guardianlt22.6.3
nozominetworks:guardiannozominetworks guardianlt23.1.0

CPE	Name	Operator	Version
nozominetworks:cmc	nozominetworks cmc	lt	22.6.3
nozominetworks:cmc	nozominetworks cmc	lt	23.1.0
nozominetworks:guardian	nozominetworks guardian	lt	22.6.3
nozominetworks:guardian	nozominetworks guardian	lt	23.1.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Guardian",
    "vendor": "Nozomi Networks",
    "versions": [
      {
        "lessThan": "22.6.3",
        "status": "affected",
        "version": "22.6.0",
        "versionType": "semver"
      },
      {
        "lessThan": "23.1.0",
        "status": "affected",
        "version": "23.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CMC",
    "vendor": "Nozomi Networks",
    "versions": [
      {
        "lessThan": "22.6.3",
        "status": "affected",
        "version": "22.6.0",
        "versionType": "semver"
      },
      {
        "lessThan": "23.1.0",
        "status": "affected",
        "version": "23.0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

security.nozominetworks.com/NN-2023:11-01

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.1%

JSON

Related for CVE-2023-29245

prion1 nvd1 cvelist1 ics1