{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2023-24471", "ASSIGNER": "prodsec@nozominetworks.com", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality.\n\nAn authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-863 Incorrect Authorization", "cweId": "CWE-863" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Nozomi Networks", "product": { "product_data": [ { "product_name": "Guardian", "version": { "version_data": [ { "version_affected": "<", "version_name": "0", "version_value": "22.6.2" } ] } }, { "product_name": "CMC", "version": { "version_data": [ { "version_affected": "<", "version_name": "0", "version_value": "22.6.2" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://security.nozominetworks.com/NN-2023:5-01", "refsource": "MISC", "name": "https://security.nozominetworks.com/NN-2023:5-01" } ] }, "generator": { "engine": "Vulnogram 0.1.0-dev" }, "source": { "discovery": "INTERNAL" }, "work_around": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "

Use internal firewall features to limit access to the web management interface.

" } ], "value": "Use internal firewall features to limit access to the web management interface." } ], "solution": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "

Upgrade to v22.6.2 or later.

" } ], "value": "Upgrade to v22.6.2 or later." } ], "credits": [ { "lang": "en", "value": "This issue was found by Stefano Libero of Nozomi Networks Product Security team during a scheduled internal VAPT testing session." } ], "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } ] } }