CVE-2023-24015 MEDIUM

CVE-2023-24015: Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2

Vendor Nozomi Networks
Product Guardian
Weakness CWE-1286
Published August 9, 2023
Last update September 20, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.

Key dates

02Disclosure timeline

August 9, 2023 CVE published
September 20, 2024 Record updated