Lucene search

[email protected]NVD:CVE-2023-29245

HistorySep 19, 2023 - 11:16 a.m.

CVE-2023-29245

2023-09-1911:16:18

CWE-89

[email protected]

web.nvd.nist.gov

nozomi networks guardian

cmc

sql injection

input validation

asset intelligence functionality

ids

unauthenticated attacker

arbitrary sql statements

malicious network packets

dbms

extract information

alter data

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.1%

JSON

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sending specially crafted malicious network packets.

Malicious users with extensive knowledge on the underlying system may be able to extract arbitrary information from the DBMS in an uncontrolled way, or to alter its structure and data.

Affected configurations

NVD

Node

nozominetworkscmcRange22.6.0–22.6.3

nozominetworkscmcRange23.0.0–23.1.0

nozominetworksguardianRange22.6.0–22.6.3

nozominetworksguardianRange23.0.0–23.1.0

References

security.nozominetworks.com/NN-2023:11-01

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.1%

JSON

Related for NVD:CVE-2023-29245

prion1 cve1 cvelist1 ics1