Unauthenticated Denial of Service Vulnerability in Nozomi Networks Guardian
CVE-2024-0218

7.5HIGH

Key Information:

Vendor: Nozomi Networks
Status: Guardian
Vendor: CVE Published:; 10 April 2024

🔔 Create Nozomi Networks Vulnerability Alert

What is CVE-2024-0218?

A Denial of Service vulnerability exists within Nozomi Networks Guardian, specifically linked to improper input validation in the RADIUS parsing functionality of the Intrusion Detection System (IDS). This vulnerability allows an unauthenticated attacker to send specially crafted malformed network packets, ultimately causing the IDS module to cease its operations in updating nodes, links, and assets. As a result, network traffic analysis will be interrupted and may persist until the affected IDS module is manually restarted.

Affected Version(s)

Guardian 0 < 23.4.1

References

https://security.nozominetworks.com/NN-2024:1-01

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2024
Vulnerability Reserved
Jan 3, 2024

Credit

This issue was found by Nozomi Networks during an internal investigation that followed a bug report from one of our customers.