PT-2024-1414 · Check Point+1 · Check Point Iot+2
Published
2024-01-15
·
Updated
2024-09-20
·
CVE-2023-5253
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Nozomi Networks Guardian and CMC (affected versions not specified)
Description
A missing authentication check in the WebSocket channel used for the Check Point IoT integration may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge of the underlying system may be able to extract limited asset information.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cmc
Check Point Iot
Nozomi Networks Guardian