CVE-2023-23903

MEDIUM

Nozomi Networks Guardian and CMC - Denial of Service via Malformed SAML Configuration

Title source: manual

Description

An authenticated administrator can upload a SAML configuration file in the wrong format, because the application does not check that the file format is correct. Every subsequent application request then returns an error. The whole application is rendered unusable until a console intervention.

Scores

CVSS v3 4.9
EPSS 0.0013
EPSS Percentile 31.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-1286
Status published
Products (2)
nozominetworks/cmc < 22.6.2
nozominetworks/guardian < 22.6.2
Published Aug 09, 2023
Tracked Since Feb 18, 2026