HIGH🇵🇱 Wersja polska

CVE-2023-32649

CVSS 8.2v4.0pub. 2023-09-19upd. 2024-11-21

A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets. During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Nozominetworks Cmc

    APP
    Nozominetworks
    22.6.0 – 22.6.3 (bez)23.0.0 – 23.1.0 (bez)
  • Nozominetworks Guardian

    APP
    Nozominetworks
    22.6.0 – 22.6.3 (bez)23.0.0 – 23.1.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassDoS
CWE
References

Related vulnerabilities

CVE-2023-29245CRITICAL9.2ten sam produkt

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain...

CVE-2025-40898HIGH7.2ten sam produkt

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient...

CVE-2025-40892HIGH7.1ten sam produkt

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper valida...

CVE-2025-40886HIGH7.7ten sam produkt

A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input...

CVE-2025-3719HIGH7.2ten sam produkt

An access control vulnerability was discovered in the CLI functionality due to a specific access restriction n...