CVE-2023-24477

HIGH

Guardian/CMC <22.6.2 - Privilege Escalation

Title source: llm

Description

In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus, an authenticated local attacker may gain access to the original user's session.

Scores

CVSS v3 7.0
EPSS 0.0004
EPSS Percentile 12.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-384
Status published
Products (2)
nozominetworks/cmc < 22.6.2
nozominetworks/guardian < 22.6.2
Published Aug 09, 2023
Tracked Since Feb 18, 2026