{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-24015", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "state": "PUBLISHED", "assignerShortName": "Nozomi", "dateReserved": "2023-01-24T10:39:24.266Z", "datePublished": "2023-08-09T09:05:16.765Z", "dateUpdated": "2024-09-20T12:07:25.358Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Guardian", "vendor": "Nozomi Networks", "versions": [{"lessThan": "22.6.2", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CMC", "vendor": "Nozomi Networks", "versions": [{"lessThan": "22.6.2", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "This issue was found by Stefano Libero of Nozomi Networks Product Security team during a scheduled internal VAPT testing session."}], "datePublic": "2023-08-09T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.</p><p>The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.</p>"}], "value": "A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.\n\nThe reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading."}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.3, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1286", "description": "CWE-1286 Improper Validation of Syntactic Correctness of Input", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2024-09-20T12:07:25.358Z"}, "references": [{"url": "https://security.nozominetworks.com/NN-2023:6-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Upgrade to v22.6.2 or later.</p>"}], "value": "Upgrade to v22.6.2 or later."}], "source": {"discovery": "INTERNAL"}, "title": "Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Use internal firewall features to limit access to the web management interface.</p>"}], "value": "Use internal firewall features to limit access to the web management interface."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-11T20:29:38.907474Z", "id": "CVE-2023-24015", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T20:29:45.567Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:49:08.818Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.nozominetworks.com/NN-2023:6-01", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.nozominetworks.com/NN-2023:6-01", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:49:08.818Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-24015", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-11T20:29:38.907474Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T20:29:42.714Z"}}], "cna": {"title": "Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "This issue was found by Stefano Libero of Nozomi Networks Product Security team during a scheduled internal VAPT testing session."}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Nozomi Networks", "product": "Guardian", "versions": [{"status": "affected", "version": "0", "lessThan": "22.6.2", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Nozomi Networks", "product": "CMC", "versions": [{"status": "affected", "version": "0", "lessThan": "22.6.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to v22.6.2 or later.", "supportingMedia": [{"type": "text/html", "value": "<p>Upgrade to v22.6.2 or later.</p>", "base64": false}]}], "datePublic": "2023-08-09T07:00:00.000Z", "references": [{"url": "https://security.nozominetworks.com/NN-2023:6-01"}], "workarounds": [{"lang": "en", "value": "Use internal firewall features to limit access to the web management interface.", "supportingMedia": [{"type": "text/html", "value": "<p>Use internal firewall features to limit access to the web management interface.</p>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.\n\nThe reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.", "supportingMedia": [{"type": "text/html", "value": "<p>A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.</p><p>The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1286", "description": "CWE-1286 Improper Validation of Syntactic Correctness of Input"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2024-09-20T12:07:25.358Z"}}}, "cveMetadata": {"cveId": "CVE-2023-24015", "state": "PUBLISHED", "dateUpdated": "2024-09-20T12:07:25.358Z", "dateReserved": "2023-01-24T10:39:24.266Z", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "datePublished": "2023-08-09T09:05:16.765Z", "assignerShortName": "Nozomi"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5DACA15-76B3-417A-8776-9014575659A6", "versionEndExcluding": "22.6.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*", "matchCriteriaId": "6317D905-9F4B-42A1-937E-AB79D99B1973", "versionEndExcluding": "22.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.\n\nThe reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio parcial en la secci\u00f3n Informes, que puede ser explotada por un usuario malicioso ya autenticado que fuerce a guardar un informe con el nombre nulo.\n\nLa secci\u00f3n de informes estar\u00e1 parcialmente no disponible para todos los intentos posteriores de utilizarla, con la lista de informes aparentemente atascada en la carga."}], "id": "CVE-2023-24015", "lastModified": "2024-11-21T07:47:15.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "prodsec@nozominetworks.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "prodsec@nozominetworks.com", "type": "Secondary"}]}, "published": "2023-08-09T10:15:09.890", "references": [{"source": "prodsec@nozominetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.nozominetworks.com/NN-2023:6-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.nozominetworks.com/NN-2023:6-01"}], "sourceIdentifier": "prodsec@nozominetworks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1286"}], "source": "prodsec@nozominetworks.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}