CVE-2023-6916
Information disclosure via audit records for OpenAPI requests in Guardian/CMC before 23.4.1
- Severity Score: 7.5 (CVSS v4)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: Track* (SSVC)
Descriptions
Audit records for OpenAPI requests may include sensitive information.
This could lead to unauthorized accesses and privilege escalation.
*Credits:
This issue was reported by Maciej Kosz.
SSVC
- Decision: Track*
* Organization's Worst-case Scenario
Timeline
- 2023-12-18 CVE Reserved
- 2024-04-10 CVE Published
- 2024-04-11 EPSS Updated
- 2024-09-20 CVE Updated
CWE
- CWE-201: Insertion of Sensitive Information Into Sent Data
- CWE-522: Insufficiently Protected Credentials
CAPEC
- CAPEC-114: Authentication Abuse
References (1)
- https://security.nozominetworks.com/NN-2023:17-01
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Nozomi Networks | Guardian | < 23.4.1 | en | Affected |
Nozomi Networks | CMC | < 23.4.1 | en | Affected |