CVE-2023-24471 MEDIUM

CVE-2023-24471: Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2

Vendor Nozomi Networks
Product Guardian
Weakness CWE-863 · Incorrect authorization
Published August 9, 2023
Last update August 2, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

An access control vulnerability exists because the restrictions applied to actual assertions are not enforced in their debug functionality. An authenticated user with reduced visibility can use the debug functionality to obtain unauthorized information, namely data that would normally not be accessible in the Query and Assertions functions.

Key dates

02 Disclosure timeline

August 9, 2023 CVE published
August 2, 2024 Record updated