← back
CVE-2023-5253

Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0

CVSS 6.3 MEDIUMEPSS 0.5%CWE-306
A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be able to extract limited asset information.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
Affected products
Nozomi Networks · CMCNozomi Networks · Guardian

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://security.nozominetworks.com/NN-2023:12-01