Stored Cross-Site Scripting (XSS) in Threat Intelligence rules in Guardian/CMC before 22.6.2
CVE-2023-22843

4.8MEDIUM

Key Information:

Vendor: Nozomi Networks
Status: Guardian; Cmc
Vendor: CVE Published:; 9 August 2023

🔔 Create Nozomi Networks Vulnerability Alert

What is CVE-2023-22843?

An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will be stored and can later be executed by another legitimate user viewing the details of such a rule. Via stored Cross-Site Scripting (XSS), an attacker may be able to perform unauthorized actions on behalf of legitimate users and/or gather sensitive information. JavaScript injection was possible in the contents for Yara rules, while limited HTML injection has been proven for packet and STYX rules.

Affected Version(s)

CMC 0 < 22.6.2

Guardian 0 < 22.6.2

References

https://security.nozominetworks.com/NN-2023:4-01

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 9, 2023
Vulnerability Reserved
Jan 24, 2023

Credit

This issue was found by Stefano Libero of Nozomi Networks Product Security team during a scheduled internal VAPT testing session.