An authenticated attacker with administrative access to the appliance can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will later be executed by another legitimate user viewing the details of such a rule.
An attacker may be able to perform unauthorized actions on behalf of legitimate users. JavaScript injection was possible in the content for Yara rules, while limited HTML injection has been proven for packet and STYX rules.
The injected code will be executed in the context of the authenticated victim's session.
References
Link | Resource |
---|---|
https://security.nozominetworks.com/NN-2023:4-01 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
16 Aug 2023, 21:06
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:* cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:* |
|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
References | (MISC) https://security.nozominetworks.com/NN-2023:4-01 - Vendor Advisory | |
First Time |
Nozominetworks cmc
Nozominetworks guardian Nozominetworks |
09 Aug 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-09 09:15
Updated : 2024-05-28 13:15
NVD link : CVE-2023-22843
Mitre link : CVE-2023-22843
CVE.ORG link : CVE-2023-22843
JSON object : View
Products Affected
nozominetworks
- guardian
- cmc
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')