SQL Injection Vulnerability in Nozomi Networks Guardian and CMC Allows Attackers to Access Sensitive Data

CVECVE-2023-29245
CVSScvssV3_1: 8.1
SourceCVE-2023-29245

Nozomi Networks Guardian and CMC have been found to be vulnerable to SQL injection attacks. SQL injection is a type of injection attack where malicious SQL statements are inserted into an entry field for execution on the backend database.

The vulnerability lies in improper validation of user input in certain fields used in the Asset Intelligence functionality. An unauthenticated attacker can craft malicious network packets and execute arbitrary SQL commands on the database by exploiting this.

This allows a skilled attacker to extract sensitive information like user data, passwords etc from the database or even modify or delete data. They could even completely take control of the backend database.

As network security tools, Nozomi Networks products monitor networks for threats. An attacker gaining access through this SQL injection flaw could potentially retrieve confidential monitoring data or disable security monitoring.

It is recommended that users of Nozomi Networks Guardian and CMC apply the latest software updates released by the company as soon as possible. Regular audits of database access logs and monitoring for unusual queries can also help detect any exploitation attempts. Proper input validation must also be implemented by Nozomi Networks to prevent such vulnerabilities in the future.

References