CVE-2023-24015
Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2
Severity Score
5.3
*CVSS v4
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.
The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.
Se ha detectado una vulnerabilidad de denegación de servicio parcial en la sección Informes, que puede ser explotada por un usuario malicioso ya autenticado que fuerce a guardar un informe con el nombre nulo.
La sección de informes estará parcialmente no disponible para todos los intentos posteriores de utilizarla, con la lista de informes aparentemente atascada en la carga.
*Credits:
This issue was found by Stefano Libero of Nozomi Networks Product Security team during a scheduled internal VAPT testing session.
CVSS Scores
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-01-24 CVE Reserved
- 2023-08-09 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
- CAPEC-153: Input Data Manipulation
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.nozominetworks.com/NN-2023:6-01 | 2024-05-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nozominetworks Search vendor "Nozominetworks" | Cmc Search vendor "Nozominetworks" for product "Cmc" | < 22.6.2 Search vendor "Nozominetworks" for product "Cmc" and version " < 22.6.2" | - |
Affected
| ||||||
| Nozominetworks Search vendor "Nozominetworks" | Guardian Search vendor "Nozominetworks" for product "Guardian" | < 22.6.2 Search vendor "Nozominetworks" for product "Guardian" and version " < 22.6.2" | - |
Affected
| ||||||