DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0
CVE-2023-32649

8.2HIGH

Key Information:

Vendor: Nozomi Networks
Status: Guardian; Cmc
Vendor: CVE Published:; 19 September 2023

🔔 Create Nozomi Networks Vulnerability Alert

What is CVE-2023-32649?

A critical security flaw has been discovered in Nozomi Networks Guardian and CMC that allows an unauthenticated attacker to exploit improper input validation within the Asset Intelligence functionality of the Intrusion Detection System (IDS). By sending specially crafted malformed network packets, an attacker could crash the IDS module. This exploitation leads to a temporary disruption in network traffic analysis, as the system may remain non-functional until the module is restarted automatically. Organizations utilizing these products should seek to implement necessary updates and mitigations to safeguard against potential attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CMC 22.6.0 < 22.6.3

CMC 23.0.0 < 23.1.0

Guardian 22.6.0 < 22.6.3

References

https://security.nozominetworks.com/NN-2023:10-01

CVSS V4

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Sep 19, 2023
Vulnerability Reserved
Jun 12, 2023

Credit

This issue was found by Nozomi Networks during an internal investigation.

JSON

Nozomi Networks

What is CVE-2023-32649?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.