CVE-2023-22843

Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2

  • Severity Score: 7.3 (CVSS v4)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: Track* (SSVC)

Descriptions

An authenticated attacker with administrative access to the appliance can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, which will later be executed when another legitimate user views the details of that rule.
An attacker may be able to perform unauthorized actions on behalf of legitimate users. JavaScript injection was possible in the content for Yara rules, while limited HTML injection has been proven for packet and STIX rules.
The injected code will be executed in the context of the authenticated victim's session.

An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, which will be stored and can later be executed when another legitimate user views the details of that rule.
Via stored Cross-Site Scripting (XSS), an attacker may be able to perform unauthorized actions on behalf of legitimate users and/or gather sensitive information. JavaScript injection was possible in the contents for Yara rules, while limited HTML injection has been proven for packet and STIX rules.

*Credits: This issue was found by Stefano Libero of Nozomi Networks Product Security team during a scheduled internal VAPT testing session.
CVSS Scores

  • Attack Vector: Network
  • Attack Complexity: High
  • Attack Requirements: None
  • Privileges Required: High
  • User Interaction: Passive
  • System: Vulnerable | Subsequent
  • Confidentiality: High | None
  • Integrity: High | None
  • Availability: Low | None

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality: Low
  • Integrity: Low
  • Availability: None

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: Low
* Common Vulnerability Scoring System
SSVC
  • Decision: Track*
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Total
* Organization's Worst-case Scenario
Timeline
  • 2023-01-24 CVE Reserved
  • 2023-08-09 CVE Published
  • 2024-08-15 EPSS Updated
  • 2024-09-20 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
  • CAPEC-592: Stored XSS
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Nozominetworks | Cmc | < 22.6.2 | - | Affected
Nozominetworks | Guardian | < 22.6.2 | - | Affected