A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication.
Malicious unauthenticated users with knowledge on the underlying system may be able to extract limited asset information.
References
| Link | Resource |
|---|---|
| https://security.nozominetworks.com/NN-2023:12-01 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Sep 2024, 12:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be able to extract limited asset information. |
28 May 2024, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be able to extract asset information. |
22 Jan 2024, 19:56
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-01-15 11:15
Updated : 2024-09-20 12:15
NVD link : CVE-2023-5253
Mitre link : CVE-2023-5253
CVE.ORG link : CVE-2023-5253
JSON object : View
Products Affected
nozominetworks
- cmc
- guardian
CWE
CWE-306
Missing Authentication for Critical Function