CVE-2023-5253
MEDIUMNozomi Networks Guardian and CMC < 23.3.0 - Unauthenticated Asset Data Exposure via Check Point IoT WebSocket Channel
Title source: llmDescription
A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be able to extract limited asset information.
References (1)
Core 1
Core References
Third Party Advisory
https://security.nozominetworks.com/NN-2023:12-01
Scores
CVSS v3
5.3
EPSS
0.0045
EPSS Percentile
35.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-306
Status
published
Products (2)
nozominetworks/cmc
< 23.3.0
nozominetworks/guardian
< 23.3.0
Published
Jan 15, 2024
Tracked Since
Feb 18, 2026