A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication.
Malicious unauthenticated users with knowledge on the underlying system may be able to extract asset information.
References
Link | Resource |
---|---|
https://security.nozominetworks.com/NN-2023:12-01 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
28 May 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be able to extract asset information. |
22 Jan 2024, 19:56
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Nozominetworks cmc
Nozominetworks Nozominetworks guardian |
|
CPE | cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:* cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:* |
|
CWE | CWE-306 | |
References | () https://security.nozominetworks.com/NN-2023:12-01 - Third Party Advisory |
15 Jan 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-15 11:15
Updated : 2024-05-28 13:15
NVD link : CVE-2023-5253
Mitre link : CVE-2023-5253
CVE.ORG link : CVE-2023-5253
JSON object : View
Products Affected
nozominetworks
- guardian
- cmc
CWE
CWE-306
Missing Authentication for Critical Function