CVE-2023-24471
Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality.
An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions.
Se ha encontrado una vulnerabilidad en el control de acceso, debido a que las restricciones que se aplican en las aserciones reales no se aplican en su funcionalidad de depuración. Un usuario autenticado con visibilidad reducida puede obtener información no autorizada a través de la funcionalidad de depuración, obteniendo datos que normalmente no serían accesibles en las funciones de Consulta y Aserciones.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2023-01-24 CVE Reserved
- 2023-08-09 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
- CAPEC-122: Privilege Abuse
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://security.nozominetworks.com/NN-2023:5-01 | 2024-05-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Nozominetworks Search vendor "Nozominetworks" | Cmc Search vendor "Nozominetworks" for product "Cmc" | < 22.6.2 Search vendor "Nozominetworks" for product "Cmc" and version " < 22.6.2" | - |
Affected
| ||||||
Nozominetworks Search vendor "Nozominetworks" | Guardian Search vendor "Nozominetworks" for product "Guardian" | < 22.6.2 Search vendor "Nozominetworks" for product "Guardian" and version " < 22.6.2" | - |
Affected
|