SQL Injection on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0
CVE-2023-29245
What is CVE-2023-29245?
A SQL Injection vulnerability exists in Nozomi Networks Guardian and CMC, attributable to improper input validation in certain fields of the Asset Intelligence functionality. This flaw may allow unauthenticated attackers to send crafted network packets, potentially permitting them to execute arbitrary SQL commands on the database management system (DBMS). Consequently, malicious actors with advanced knowledge of the system could extract sensitive information, modify database structure and data, or disrupt system availability.

Affected Version(s)
CMC 22.6.0 < 22.6.3
CMC 23.0.0 < 23.1.0
Guardian 22.6.0 < 22.6.3
