NN-2024:1-01

DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1

Last update: 2024-09-19

Advisory ID: NN-2024:1-01
Topic: DoS on IDS parsing of malformed Radius packets in Guardian before 23.4.1
CWE Impact: CWE-1286: Improper Validation of Syntactic Correctness of Input
Issue date: 2024-04-10
Affects: Guardian < v23.4.1
CVE Name(s): CVE-2024-0218
CVSS Details:
  CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 8.2 (CVSS v4.0), 7.5 (CVSS v3.1)
CVE Risk Level: High (CVSS v4.0), High (CVSS v3.1)
Risk Level for Nozomi customers: High

Summary

A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop updating nodes, links, and assets.
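
The advisory does not state which Radius fields were insufficiently validated. The following Python example is added here for illustration and is not Nozomi Networks code: it shows the class of check CWE-1286 refers to, strict syntactic validation of a RADIUS packet against the RFC 2865 layout, with a wrapper that drops a bad packet instead of letting it stall the caller. The names `parse_radius`, `safe_parse` and `MalformedRadius` and the sample packet `GOOD` are assumptions constructed for this example.

```python
import struct

RADIUS_HEADER_LEN = 20   # code, identifier, length, 16-byte authenticator
RADIUS_MAX_LEN = 4096    # RFC 2865 upper bound on the Length field


class MalformedRadius(ValueError):
    """Raised for any packet that fails syntactic validation."""


def parse_radius(datagram: bytes):
    """Validate and parse one RADIUS packet taken from a UDP payload.

    Returns (code, identifier, authenticator, [(attr_type, value), ...]).
    """
    if len(datagram) < RADIUS_HEADER_LEN:
        raise MalformedRadius("shorter than the fixed header")
    code, ident, length = struct.unpack_from("!BBH", datagram, 0)
    if not RADIUS_HEADER_LEN <= length <= RADIUS_MAX_LEN:
        raise MalformedRadius(f"Length field {length} out of range")
    if length > len(datagram):
        raise MalformedRadius("Length field exceeds the bytes received")
    authenticator = datagram[4:RADIUS_HEADER_LEN]
    attrs, off = [], RADIUS_HEADER_LEN
    # Walk attributes only inside the declared Length; trailing octets are padding.
    while off < length:
        if length - off < 2:
            raise MalformedRadius("truncated attribute header")
        a_type, a_len = datagram[off], datagram[off + 1]
        if a_len < 2:  # a length below 2 would never advance the offset
            raise MalformedRadius("attribute length below 2")
        if off + a_len > length:
            raise MalformedRadius("attribute overruns the packet")
        attrs.append((a_type, datagram[off + 2:off + a_len]))
        off += a_len
    return code, ident, authenticator, attrs


def safe_parse(datagram: bytes):
    """Sensor-side wrapper: a malformed packet is dropped, never fatal."""
    try:
        return parse_radius(datagram)
    except MalformedRadius:
        return None


# Constructed sample: Access-Request (code 1) carrying one User-Name attribute.
GOOD = struct.pack("!BBH", 1, 7, 27) + bytes(16) + bytes([1, 7]) + b"alice"
```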

Impact

Network traffic may not be analyzed until the IDS module is restarted.

Affected Products

Guardian < v23.4.1

Workarounds and Mitigations

N/A

Solutions

Upgrade to v23.4.1 or later.

Modification History

2024-04-10: Initial revision
2024-05-20: Added CVSS v4.0 scoring where applicable
2024-09-19: Revised CWE mapping

Acknowledgements

We thank the following parties for their efforts:

  • Nozomi Networks for discovering this issue during an internal investigation that followed a bug report from one of our customers.

Contact

Nozomi Networks Product Security team can be reached at prodsec@nozominetworks.com.
More contact details on the PSIRT page.