cvelist/2023/5xxx/CVE-2023-5253.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2023-5253",
        "ASSIGNER": "prodsec@nozominetworks.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication.\n\n\n\nMalicious unauthenticated users with knowledge on the underlying system may be able to extract asset information."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-306 Missing Authentication for Critical Function",
                        "cweId": "CWE-306"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Nozomi Networks",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Guardian",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "0",
                                            "version_value": "23.3.0"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "CMC",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "0",
                                            "version_value": "23.3.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://security.nozominetworks.com/NN-2023:12-01",
                "refsource": "MISC",
                "name": "https://security.nozominetworks.com/NN-2023:12-01"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.1.0-dev"
    },
    "source": {
        "discovery": "INTERNAL"
    },
    "work_around": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "<div><div>Use internal firewall features to limit access to the web management interface.</div></div>"
                }
            ],
            "value": "Use internal firewall features to limit access to the web management interface."
        }
    ],
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "<div><div>Upgrade to v23.3.0 or later.</div></div>"
                }
            ],
            "value": "Upgrade to v23.3.0 or later."
        }
    ],
    "credits": [
        {
            "lang": "en",
            "value": "This issue was found by Nozomi Networks Product Security team during an internal VAPT testing session."
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
            }
        ]
    }
}
"-Synchronized-Data." 2023-09-28 13:00:36 +00:00			`{`
"-Synchronized-Data." 2024-01-15 11:00:39 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2023-09-28 13:00:36 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2023-5253",`
"-Synchronized-Data." 2024-01-15 11:00:39 +00:00			`"ASSIGNER": "prodsec@nozominetworks.com",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2023-09-28 13:00:36 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2024-05-28 13:00:32 +00:00			`"value": "A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication.\n\n\n\nMalicious unauthenticated users with knowledge on the underlying system may be able to extract asset information."`
"-Synchronized-Data." 2024-01-15 11:00:39 +00:00			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-306 Missing Authentication for Critical Function",`
			`"cweId": "CWE-306"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Nozomi Networks",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Guardian",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<",`
			`"version_name": "0",`
			`"version_value": "23.3.0"`
			`}`
			`]`
			`}`
			`},`
			`{`
			`"product_name": "CMC",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<",`
			`"version_name": "0",`
			`"version_value": "23.3.0"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://security.nozominetworks.com/NN-2023:12-01",`
			`"refsource": "MISC",`
			`"name": "https://security.nozominetworks.com/NN-2023:12-01"`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.1.0-dev"`
			`},`
			`"source": {`
			`"discovery": "INTERNAL"`
			`},`
			`"work_around": [`
			`{`
			`"lang": "en",`
			`"supportingMedia": [`
			`{`
			`"base64": false,`
			`"type": "text/html",`
			`"value": "<div><div>Use internal firewall features to limit access to the web management interface.</div></div>"`
			`}`
			`],`
"-Synchronized-Data." 2024-05-28 13:00:32 +00:00			`"value": "Use internal firewall features to limit access to the web management interface."`
"-Synchronized-Data." 2024-01-15 11:00:39 +00:00			`}`
			`],`
			`"solution": [`
			`{`
			`"lang": "en",`
			`"supportingMedia": [`
			`{`
			`"base64": false,`
			`"type": "text/html",`
			`"value": "<div><div>Upgrade to v23.3.0 or later.</div></div>"`
			`}`
			`],`
"-Synchronized-Data." 2024-05-28 13:00:32 +00:00			`"value": "Upgrade to v23.3.0 or later."`
"-Synchronized-Data." 2024-01-15 11:00:39 +00:00			`}`
			`],`
			`"credits": [`
			`{`
			`"lang": "en",`
			`"value": "This issue was found by Nozomi Networks Product Security team during an internal VAPT testing session."`
			`}`
			`],`
			`"impact": {`
			`"cvss": [`
			`{`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 5.3,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "NONE",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",`
			`"version": "3.1"`
"-Synchronized-Data." 2023-09-28 13:00:36 +00:00			`}`
			`]`
			`}`
			`}`