CVE-2023-23903 MEDIUM

CVE-2023-23903: DoS via SAML configuration in Guardian/CMC before 22.6.2

Vendor Nozomi Networks
Product Guardian
Weakness CWE-1286
Published August 9, 2023
Last update September 20, 2024

CVSS base score

4.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application in rendered unusable until a console intervention.

Key dates

02Disclosure timeline

August 9, 2023 CVE published
September 20, 2024 Record updated