Advisory ID | NN-2023:6-01 |
---|---|
Topic | Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2 |
CWE Impact | CWE-20: Improper Input Validation |
Issue date | 2023-08-09 |
Affects | Guardian, CMC < v22.6.2 |
CVE Name(s) | CVE-2023-24015 |
CVSS details | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
CVSS Score | 4.3 |
CVE Risk Level | Medium |
Risk Level for Nozomi customers | Low |
A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.
The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.
Guardian, CMC < v22.6.2
Use internal firewall features to limit access to the web management interface.
Upgrade to v22.6.2 or later.
We thank the following parties for their efforts: