Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0
Vulnerability Description
A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge on the underlying system may be able to extract limited asset information.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Nozomi Networks Guardian 访问控制错误漏洞
Vulnerability Description
Nozomi Networks Guardian是美国Nozomi Networks公司的一款物联网设备和软件检查系统。 Nozomi Networks Guardian和CMC v23.3.0之前版本存在安全漏洞,该漏洞源于WebSocket通道缺少身份验证检查,导致未经身份验证的攻击者可以获取资产数据。
CVSS Information
N/A
Vulnerability Type
N/A