|Topic||DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0|
|CWE Impact||CWE-20: Improper Input Validation|
|Affects||Guardian, CMC >= 22.6.0, < v22.6.3 or < v23.1.0|
|CVE Risk Level||High|
|Risk Level for Nozomi customers||High|
A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets.
During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.
Guardian, CMC >= 22.6.0, < v22.6.3 or < v23.1.0
N/A. It is recommended to monitor the IDS log to check for abnormal stops and restarts.
Upgrade to v22.6.3, v23.1.0 or later.
We thank the following parties for their efforts: