An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will be stored and can later be executed by another legitimate user viewing the details of such a rule.
Via stored Cross-Site Scripting (XSS), an attacker may be able to perform unauthorized actions on behalf of legitimate users and/or gather sensitive information. JavaScript injection was possible in the contents for Yara rules, while limited HTML injection has been proven for packet and STYX rules.
References
Link | Resource |
---|---|
https://security.nozominetworks.com/NN-2023:4-01 | Vendor Advisory |
https://security.nozominetworks.com/NN-2023:4-01 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:45
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.4 |
References | () https://security.nozominetworks.com/NN-2023:4-01 - Vendor Advisory |
20 Sep 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will be stored and can later be executed by another legitimate user viewing the details of such a rule. Via stored Cross-Site Scripting (XSS), an attacker may be able to perform unauthorized actions on behalf of legitimate users and/or gather sensitive information. JavaScript injection was possible in the contents for Yara rules, while limited HTML injection has been proven for packet and STYX rules. |
16 Aug 2023, 21:06
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:* cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:* |
|
First Time |
Nozominetworks cmc
Nozominetworks guardian Nozominetworks |
|
References | (MISC) https://security.nozominetworks.com/NN-2023:4-01 - Vendor Advisory | |
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
09 Aug 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-09 09:15
Updated : 2024-11-21 07:45
NVD link : CVE-2023-22843
Mitre link : CVE-2023-22843
CVE.ORG link : CVE-2023-22843
JSON object : View
Products Affected
nozominetworks
- guardian
- cmc
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')