CVE-2023-5253

A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be able to extract asset information.
References
Link Resource
https://security.nozominetworks.com/NN-2023:12-01 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*
cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*

History

28 May 2024, 13:15

Type Values Removed Values Added
Summary (en) A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be able to extract asset information. (en) A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be able to extract asset information.

22 Jan 2024, 19:56

Type Values Removed Values Added
References () https://security.nozominetworks.com/NN-2023:12-01 - () https://security.nozominetworks.com/NN-2023:12-01 - Third Party Advisory
First Time Nozominetworks
Nozominetworks guardian
Nozominetworks cmc
CVSS v2 : unknown
v3 : 5.3
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*
cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*

16 Jan 2024, 13:56

Type Values Removed Values Added
Summary
  • (es) Una verificación de autenticación faltante en el canal WebSocket utilizado para la integración de Check Point IoT en Nozomi Networks Guardian y CMC puede permitir que un atacante no autenticado obtenga datos de activos sin autenticación. Los usuarios maliciosos no autenticados con conocimiento sobre el sistema subyacente pueden extraer información de activos.

15 Jan 2024, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-15 11:15

Updated : 2024-05-28 13:15


NVD link : CVE-2023-5253

Mitre link : CVE-2023-5253

CVE.ORG link : CVE-2023-5253


JSON object : View

Products Affected

nozominetworks

  • guardian
  • cmc
CWE
CWE-306

Missing Authentication for Critical Function