CVE-2023-23903

An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application in rendered unusable until a console intervention.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://security.nozominetworks.com/NN-2023:7-01	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nozominetworks:cmc::::::::
	cpe:2.3:a:nozominetworks:guardian::::::::

History

28 May 2024, 13:15

Type	Values Removed	Values Added
Summary		(es) Un administrador autenticado puede cargar un archivo de configuración SAML con el formato incorrecto, sin que la aplicación compruebe el formato correcto del archivo. Cada solicitud posterior de la aplicación devolverá un error. Toda la aplicación en inutilizable hasta una intervención de la consola.
Summary	(en) An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application in rendered unusable until a console intervention.	(en) An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application in rendered unusable until a console intervention.

Information

Published : 2023-08-09 10:15

Updated : 2024-05-28 13:15

NVD link : CVE-2023-23903

Mitre link : CVE-2023-23903

CVE.ORG link : CVE-2023-23903

JSON object : View

Products Affected

nozominetworks

guardian
cmc

CWE

NVD-CWE-noinfo CWE-20

Improper Input Validation

{"id": "CVE-2023-23903", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "prodsec@nozominetworks.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2023-08-09T10:15:09.687", "references": [{"url": "https://security.nozominetworks.com/NN-2023:7-01", "tags": ["Vendor Advisory"], "source": "prodsec@nozominetworks.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "prodsec@nozominetworks.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error.\n\nThe whole application in rendered unusable until a console intervention."}, {"lang": "es", "value": "Un administrador autenticado puede cargar un archivo de configuraci\u00f3n SAML con el formato incorrecto, sin que la aplicaci\u00f3n compruebe el formato correcto del archivo. Cada solicitud posterior de la aplicaci\u00f3n devolver\u00e1 un error. Toda la aplicaci\u00f3n en inutilizable hasta una intervenci\u00f3n de la consola."}], "lastModified": "2024-05-28T13:15:09.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5DACA15-76B3-417A-8776-9014575659A6", "versionEndExcluding": "22.6.2"}, {"criteria": "cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6317D905-9F4B-42A1-937E-AB79D99B1973", "versionEndExcluding": "22.6.2"}], "operator": "OR"}]}], "sourceIdentifier": "prodsec@nozominetworks.com"}