CVE-2023-24015

EPSS 0.45%
Veröffentlicht 09.08.2023 10:15:09
Zuletzt bearbeitet 21.11.2024 07:47:15
Quelle prodsec@nozominetworks.com
CVE-Watchlists
Login
Unerledigt
Login

Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2

A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.

The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nozominetworks ≫ Cmc Version < 22.6.2

Nozominetworks ≫ Guardian Version < 22.6.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.45%	0.359

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
prodsec@nozominetworks.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
prodsec@nozominetworks.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-1286 Improper Validation of Syntactic Correctness of Input

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

https://security.nozominetworks.com/NN-2023:6-01

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-24015

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-24015

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-24015

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-24015