DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1

Last update: 2024-04-10

Advisory IDNN-2024:1-01
TopicDoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1
CWE ImpactCWE-20: Improper Input Validation
Issue date2024-04-10
AffectsGuardian < v23.4.1
CVE Name(s)CVE-2024-0218
CVSS detailsCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score7.5
CVE Risk LevelHigh
Risk Level for Nozomi customersHigh


A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop updating nodes, links, and assets.


Network traffic may not be analyzed until the IDS module is restarted.

Affected Products

Guardian < v23.4.1

Workarounds and Mitigations



Upgrade to v23.4.1 or later.

Modification History

2024-04-10: Initial revision

Related Links


We thank the following parties for their efforts:

  • Nozomi Networks for discovering this issue during an internal investigation that followed a bug report from one of our customers.


Nozomi Networks Product Security team can be reached at prodsec@nozominetworks.com.
More contact details on the PSIRT page.