gsd-2023-24015
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.
The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-24015",
"id": "GSD-2023-24015"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-24015"
],
"details": "A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.\n\nThe reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.\n\n",
"id": "GSD-2023-24015",
"modified": "2023-12-13T01:20:58.399156Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "prodsec@nozominetworks.com",
"ID": "CVE-2023-24015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Guardian",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0",
"version_value": "22.6.2"
}
]
}
},
{
"product_name": "CMC",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0",
"version_value": "22.6.2"
}
]
}
}
]
},
"vendor_name": "Nozomi Networks"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "This issue was found by Stefano Libero of Nozomi Networks Product Security team during a scheduled internal VAPT testing session."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.\n\nThe reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-20",
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.nozominetworks.com/NN-2023:6-01",
"refsource": "MISC",
"url": "https://security.nozominetworks.com/NN-2023:6-01"
}
]
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpgrade to v22.6.2 or later.\u003c/p\u003e"
}
],
"value": "Upgrade to v22.6.2 or later.\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUse internal firewall features to limit access to the web management interface.\u003c/p\u003e"
}
],
"value": "Use internal firewall features to limit access to the web management interface.\n\n"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22.6.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22.6.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "prodsec@nozominetworks.com",
"ID": "CVE-2023-24015"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.\n\nThe reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.nozominetworks.com/NN-2023:6-01",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://security.nozominetworks.com/NN-2023:6-01"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
},
"lastModifiedDate": "2023-08-16T16:45Z",
"publishedDate": "2023-08-09T10:15Z"
}
}
}
Loading...