← Back to CVEs
CVE-2023-5253
MEDIUM5.3
Description
A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be able to extract limited asset information.
CVE Details
CVSS v3.1 Score5.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published1/15/2024
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
nozominetworks:cmcnozominetworks:guardian
Weaknesses (CWE)
CWE-306CWE-306
References
https://security.nozominetworks.com/NN-2023:12-01(prodsec@nozominetworks.com)
https://security.nozominetworks.com/NN-2023:12-01(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.