CVE-2023-24471
Summary
| CVE | CVE-2023-24471 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-08-09 09:15:00 UTC |
| Updated | 2023-08-16 19:46:00 UTC |
| Description | An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions. |
Risk And Classification
Problem Types: CWE-863
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Nozominetworks | Cmc | All | All | All | All |
| Application | Nozominetworks | Guardian | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| NN-2023:5-01 - Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2 - CVE-2023-24471 | Product Security Incident Response Portal | MISC | security.nozominetworks.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.