CVE-2023-24471
Last modified
CVE-2023-24471 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions.. EPSS estimates a 0.40% chance of exploitation in the next 30 days.
Description
An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Nozominetworks | Cmc | < 22.6.2 |
| Nozominetworks | Guardian | < 22.6.2 |
References
- https://security.nozominetworks.com/NN-2023:5-01Vendor Advisory
- https://security.nozominetworks.com/NN-2023:5-01Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-24471?
How severe is CVE-2023-24471?
How do I fix CVE-2023-24471?
Are you affected by CVE-2023-24471?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST