Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveNozomiCVE-2023-29245
HistorySep 19, 2023 - 11:16 a.m.

CVE-2023-29245

2023-09-1911:16:18
CWE-89
Nozomi
web.nvd.nist.gov
29
sql injection
nozomi networks guardian
cmc
asset intelligence
ids
cve-2023-29245
network security
vulnerability

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS4

9.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

46.4%

JSON

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sending specially crafted malicious network packets.

Malicious users with extensive knowledge on the underlying system may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability.

Affected configurations

Nvd
Node
nozominetworkscmcRange22.6.022.6.3
OR
nozominetworkscmcRange23.0.023.1.0
OR
nozominetworksguardianRange22.6.022.6.3
OR
nozominetworksguardianRange23.0.023.1.0
VendorProductVersionCPE
nozominetworkscmc*cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*
nozominetworksguardian*cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Guardian",
    "vendor": "Nozomi Networks",
    "versions": [
      {
        "lessThan": "22.6.3",
        "status": "affected",
        "version": "22.6.0",
        "versionType": "semver"
      },
      {
        "lessThan": "23.1.0",
        "status": "affected",
        "version": "23.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CMC",
    "vendor": "Nozomi Networks",
    "versions": [
      {
        "lessThan": "22.6.3",
        "status": "affected",
        "version": "22.6.0",
        "versionType": "semver"
      },
      {
        "lessThan": "23.1.0",
        "status": "affected",
        "version": "23.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Related

prion 1
nvd 1
cvelist 1
ics 1
prion
prion
Sql injection
2023-09-19 11:16:00
nvd
nvd
CVE-2023-29245
2023-09-19 11:16:18
cvelist
cvelist
CVE-2023-29245 SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0
2023-09-19 10:04:57
ics
ics
Siemens RUGGEDCOM APE1808 Devices
2023-11-16 12:00:00

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS4

9.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

46.4%

JSON
Related for CVE-2023-29245
prion1nvd1cvelist1ics1