Headline
CVE-2023-24015: NN-2023:6-01 - Partial DoS on Reports section due to null report name in Guardian/CMC before 22.6.2 - CVE-2023-24015
A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.
The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.
Summary
A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null.
Impact
The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.
Affected Products
Guardian, CMC < v22.6.2
Workarounds and Mitigations
Use internal firewall features to limit access to the web management interface.
Solutions
Upgrade to v22.6.2 or later.
Modification History
2023-08-09: Initial revision
Related Links****Acknowledgements
This issue was found by Stefano Libero of Nozomi Networks Product Security team during a scheduled internal VAPT testing session.