Lucene search

[email protected]NVD:CVE-2023-2567

HistorySep 19, 2023 - 11:16 a.m.

CVE-2023-2567

2023-09-1911:16:19

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

nozomi networks

authenticated attacker

input validation

web application

dbms

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

8.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.
Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way.

Affected configurations

NVD

Node

nozominetworkscmcRange22.6.0–22.6.3

nozominetworkscmcRange23.0.0–23.1.0

nozominetworksguardianRange22.6.0–22.6.3

nozominetworksguardianRange23.0.0–23.1.0

References

security.nozominetworks.com/NN-2023:9-01

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

8.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON

Related for NVD:CVE-2023-2567

prion1 cvelist1 cve1 ics1