Headline
CVE-2023-23903: NN-2023:7-01 - DoS via SAML configuration in Guardian/CMC before 22.6.2 - CVE-2023-23903
An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error.
The whole application in rendered unusable until a console intervention.
Summary
An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error.
Impact
The whole application in rendered unusable until a console intervention.
Affected Products
Guardian, CMC < v22.6.2
Workarounds and Mitigations
Use internal firewall features to limit access to the web management interface.
Solutions
Upgrade to v22.6.2 or later.
Modification History
2023-08-09: Initial revision
Related Links****Acknowledgements
This issue was found by Stefano Libero of Nozomi Networks Product Security team during a scheduled internal VAPT testing session.