Lucene search

[email protected]NVD:CVE-2023-32649

HistorySep 19, 2023 - 11:16 a.m.

CVE-2023-32649

2023-09-1911:16:20

CWE-20

[email protected]

web.nvd.nist.gov

cve-2023-32649

nozomi networks

denial of service

improper input validation

asset intelligence functionality

ids module

unauthenticated attacker

crash the ids

network packets

network traffic

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

JSON

A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets.

During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.

Affected configurations

NVD

Node

nozominetworkscmcRange22.6.0–22.6.3

nozominetworkscmcRange23.0.0–23.1.0

nozominetworksguardianRange22.6.0–22.6.3

nozominetworksguardianRange23.0.0–23.1.0

References

security.nozominetworks.com/NN-2023:10-01

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

JSON

Related for NVD:CVE-2023-32649

cvelist1 cve1 prion1 ics1