CVE-2023-32649

HIGH

Nozominetworks Cmc < 22.6.3 - Denial of Service

Title source: rule

Description

A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets. During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.

References (1)

[Vendor Advisory] https://security.nozominetworks.com/NN-2023:10-01

Scores

CVSS v3 7.5

EPSS 0.0013

EPSS Percentile 32.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-1286 CWE-20

Status published

Products (2)

nozominetworks/cmc 22.6.0 - 22.6.3

nozominetworks/guardian 22.6.0 - 22.6.3

Published Sep 19, 2023

Tracked Since Feb 18, 2026