Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistNozomiCVELIST:CVE-2023-29245
HistorySep 19, 2023 - 10:04 a.m.

CVE-2023-29245 SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0

2023-09-1910:04:57
CWE-89
Nozomi
www.cve.org
cve-2023-29245
sql injection
nozomi networks guardian
cmc
input validation
asset intelligence
ids
malicious network packets
dbms security

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.1%

JSON

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sending specially crafted malicious network packets.

Malicious users with extensive knowledge on the underlying system may be able to extract arbitrary information from the DBMS in an uncontrolled way, or to alter its structure and data.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Guardian",
    "vendor": "Nozomi Networks",
    "versions": [
      {
        "lessThan": "22.6.3",
        "status": "affected",
        "version": "22.6.0",
        "versionType": "semver"
      },
      {
        "lessThan": "23.1.0",
        "status": "affected",
        "version": "23.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CMC",
    "vendor": "Nozomi Networks",
    "versions": [
      {
        "lessThan": "22.6.3",
        "status": "affected",
        "version": "22.6.0",
        "versionType": "semver"
      },
      {
        "lessThan": "23.1.0",
        "status": "affected",
        "version": "23.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Related

prion 1
nvd 1
cve 1
ics 1
prion
prion
Sql injection
2023-09-19 11:16:00
nvd
nvd
CVE-2023-29245
2023-09-19 11:16:18
cve
cve
CVE-2023-29245
2023-09-19 11:16:18
ics
ics
Siemens RUGGEDCOM APE1808 Devices
2023-11-16 12:00:00

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.1%

JSON
Related for CVELIST:CVE-2023-29245
prion1nvd1cve1ics1