CVE-2023-29245

Summary

CVE-2023-29245 is a SQL Injection vulnerability affecting Nozomi Networks' Guardian and CMC products. This issue arises due to insufficient input validation in certain fields utilized in the Asset Intelligence functionality of their Intrusion Detection System (IDS). An unauthenticated attacker can exploit this flaw by sending maliciously crafted network packets to execute arbitrary SQL statements on the underlying DBMS. Potential consequences include uncontrolled data extraction and alteration, posing a significant risk to system integrity and confidentiality.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.