CVE-2023-32649
Last modified
CVE-2023-32649 is a high-severity vulnerability rated 8.2/10 on the CVSS scale. A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets. During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed. EPSS estimates a 0.53% chance of exploitation in the next 30 days.
Description
A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets. During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Nozomi Networks | CMC | >= 22.6.0, < 22.6.3 |
| Nozomi Networks | CMC | >= 23.0.0, < 23.1.0 |
| Nozomi Networks | Guardian | >= 22.6.0, < 22.6.3 |
| Nozomi Networks | Guardian | >= 23.0.0, < 23.1.0 |
References
- https://security.nozominetworks.com/NN-2023:10-01 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
