CVE-2023-23574
Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.
Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way.
Una vulnerabilidad de inyección blind SQL en Nozomi Networks Guardian y CMC, debida a una validación de entrada incorrecta en el componente alerts_count, permite a un atacante autenticado ejecutar consultas SQL arbitrarias en el DBMS utilizado por la aplicación web.
Los usuarios autenticados pueden extraer información arbitraria del DBMS de forma incontrolada.
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application.
Authenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-01-24 CVE Reserved
- 2023-08-09 CVE Published
- 2024-09-20 CVE Updated
- 2024-10-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
- CAPEC-7: Blind SQL Injection
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://security.nozominetworks.com/NN-2023:3-01 | 2024-05-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Nozominetworks Search vendor "Nozominetworks" | Cmc Search vendor "Nozominetworks" for product "Cmc" | < 22.6.2 Search vendor "Nozominetworks" for product "Cmc" and version " < 22.6.2" | - |
Affected
| ||||||
Nozominetworks Search vendor "Nozominetworks" | Guardian Search vendor "Nozominetworks" for product "Guardian" | < 22.6.2 Search vendor "Nozominetworks" for product "Guardian" and version " < 22.6.2" | - |
Affected
|