CVE-2023-5253 MEDIUM

CVE-2023-5253: Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0

Vendor Nozomi Networks
Product Guardian
Weakness CWE-306 · Missing auth
Published January 15, 2024
Last update June 17, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be able to extract limited asset information.

Key dates

02Disclosure timeline

January 15, 2024 CVE published
June 17, 2025 Record updated