Cmc
CVE-2023-23903
MEDIUM
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (nozominetworks) · only source for this CVE.
CVSS VectorVendor: nozominetworks
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error.
The whole application in rendered unusable until a console intervention.
AnalysisAI
An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-1286. An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application in rendered unusable until a console intervention. Affected products include: Nozominetworks Cmc, Nozominetworks Guardian.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields us
Disk-exhaustion denial of service in Nozomi Networks Guardian and Central Management Console (CMC) lets a remote, unauth
A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in ce
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticat
Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an auth
A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain
An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript cod
Privilege escalation via configuration synchronization in Nozomi Networks Guardian and Central Management Console (CMC)
Privilege escalation in Nozomi Networks Guardian and CMC Threat Intelligence module allows authenticated view-only users
Path traversal in Nozomi Networks CMC and Guardian allows authenticated users with limited privileges to write arbitrary
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today