CVE-2024-4465— Nozomi Networks Guardian/CMC 安全漏洞

Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0

An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make limited changes to the reporting configuration. This could result in a partial loss of data integrity. In Guardian/CMC instances with a reporting configuration, there could be limited Denial of Service (DoS) impacts, as the reports may not reach their intended destination, and there could also be limited information disclosure impacts. Furthermore, modifying the destination SMTP server for the reports could lead to the compromise of external credentials, as they might be sent to an unauthorized server. This could expand the scope of the attack.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

授权机制不正确

Nozomi Networks Guardian/CMC 安全漏洞

Nozomi Networks Guardian/CMC是美国Nozomi Networks公司的一个中央管理控制台。 Nozomi Networks Guardian/CMC存在安全漏洞，该漏洞源于报告部分的访问控制未对有限权限用户正确实施，可能导致数据完整性部分丢失、有限的拒绝服务（DoS）影响以及信息泄露。

N/A

N/A