This could lead to unauthorized accesses and privilege escalation.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Nozomi Networks | Guardian | unaffected |
|
||||||
| Nozomi Networks | CMC | unaffected |
|
No data.
No data.
No data available yet.
Vendor Solution
Upgrade to v23.4.1 or later.
Vendor Workaround
Nozomi Networks recommends creating specific users for OpenAPI usage, with only the necessary permissions to access the required data sources. Additionally, it is advised to limit API keys to allowed IP addresses whenever possible. Finally, it is also suggested to regenerate existing API keys periodically and to review sign-ins via API keys in the audit records.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2023-59115 | Audit records for OpenAPI requests may include sensitive information. This could lead to unauthorized accesses and privilege escalation. |
| Link | Providers |
|---|---|
| https://security.nozominetworks.com/NN-2023:17-01 |
|
Fri, 20 Sep 2024 12:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Nozominetworks
Nozominetworks central Management Control Nozominetworks guardian |
|
| Weaknesses | CWE-522 | |
| CPEs | cpe:2.3:a:nozominetworks:central_management_control:*:*:*:*:*:*:*:* cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Nozominetworks
Nozominetworks central Management Control Nozominetworks guardian |
|
| Metrics |
ssvc
|
Fri, 20 Sep 2024 12:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-201 |
MITRE
Status: PUBLISHED
Assigner: Nozomi
Published:
Updated: 2024-09-20T11:47:45.639Z
Reserved: 2023-12-18T10:31:09.989Z
Link: CVE-2023-6916
Vulnrichment
Updated: 2024-08-02T08:42:08.668Z
NVD
Status : Awaiting Analysis
Published: 2024-04-10T16:15:09.190
Modified: 2024-11-21T08:44:49.807
Link: CVE-2023-6916
Redhat
No data.
OpenCVE Enrichment
No data.