Unrated severityNVD Advisory· Published Jan 15, 2024· Updated Jun 17, 2025

Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0

CVE-2023-5253

Description

A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC, may allow an unauthenticated attacker to obtain assets data without authentication.

Malicious unauthenticated users with knowledge on the underlying system may be able to extract limited asset information.

Affected products

Nozominetworks/Cmcv5
Range: 0
Nozominetworks/Guardianv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.nozominetworks.com/NN-2023:12-01mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000