Unrated severityNVD Advisory· Published Sep 19, 2023· Updated Feb 27, 2025

DoS on IDS parsing of malformed asset fields in Guardian/CMC >= 22.6.0 before 22.6.3 and 23.1.0

CVE-2023-32649

Description

A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets.

During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.

Affected products

Nozominetworks/Cmcv5
Range: 22.6.0
Nozominetworks/Guardianv5
Range: 22.6.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.nozominetworks.com/NN-2023:10-01mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000