CVE-2023-24477

7.0 HIGH

📋 TL;DR

This vulnerability allows an authenticated local attacker to potentially access another user's session after that user logs out of Guardian/CMC. The issue occurs only under specific timing conditions and only when the Chrome browser is used. Organizations running affected Guardian/CMC versions are at risk.

💻 Affected Systems

Products:
  • Guardian/CMC
Versions: before 22.6.2
Operating Systems: All supported OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Chrome browser usage and specific timing conditions to exploit

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could gain unauthorized access to sensitive administrative functions and data belonging to other users, potentially leading to privilege escalation and data compromise.

🟠 Likely Case

Local authenticated users could access sessions of recently logged-out users, potentially viewing or modifying restricted information within the application.

🟢 If Mitigated

With proper session management controls and timely patching, the risk is limited to authenticated users exploiting specific timing conditions.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access and specific timing conditions with Chrome browser

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 22.6.2

Vendor Advisory: https://security.nozominetworks.com/NN-2023:8-01

Restart Required: Yes

Instructions:

1. Download Guardian/CMC version 22.6.2 or later from official vendor sources.
2. Back up the current configuration.
3. Install the update following vendor documentation.
4. Restart the service/application.

🔧 Temporary Workarounds

Use alternative browsers (all platforms)

Switch from Chrome to an alternative browser (Firefox, Edge, Safari) to avoid the specific timing conditions.

Enforce session timeout (all platforms)

Configure shorter session timeout periods to reduce the window of opportunity.

🧯 If You Can't Patch

  • Restrict Chrome browser usage on affected systems
  • Implement additional authentication layers and monitor for unusual session activity

🔍 How to Verify

Check if Vulnerable:

Check Guardian/CMC version in administration interface or via vendor-provided version check command

Check Version:

Check application administration panel or consult vendor documentation for version verification

Verify Fix Applied:

Verify version is 22.6.2 or later and test logout functionality with Chrome browser

📡 Detection & Monitoring

Log Indicators:

  • Multiple sessions from same user ID in short timeframe
  • Session creation immediately after logout events

Network Indicators:

  • Unusual session reuse patterns
  • Multiple authentication requests from same source

SIEM Query:

source="guardian_logs" AND (event="session_create" OR event="logout") | stats count by user, src_ip | where count > 2
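
The "session creation immediately after logout" indicator can be correlated more precisely than a raw event count. The following is an added example, not vendor code or part of the original advisory: the field names event, user and src_ip are taken from the SIEM query above, while the timestamp format, line layout, 30-second window and the sample log lines are constructed assumptions.

```python
from datetime import datetime

# Constructed sample events. Field names (event, user, src_ip) follow the
# SIEM query on this page; the timestamp and line layout are assumptions.
SAMPLE_LOG = """\
2023-05-02T09:14:55Z event=logout user=alice src_ip=10.0.4.21
2023-05-02T09:14:58Z event=session_create user=bob src_ip=10.0.4.21
2023-05-02T09:40:00Z event=logout user=carol src_ip=10.0.4.30
2023-05-02T11:05:12Z event=session_create user=dave src_ip=10.0.4.30
2023-05-02T11:20:00Z event=logout user=erin src_ip=10.0.4.44
2023-05-02T11:20:04Z event=session_create user=erin src_ip=10.0.4.44
"""


def parse_line(line):
    """Split 'TIMESTAMP key=value ...' into a dict with a parsed 'ts'."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def find_post_logout_sessions(log_text, window_seconds=30):
    """Flag each session_create that follows a logout from the same src_ip
    within window_seconds. Input must be in chronological order.
    Returns (logout_user, new_user, src_ip, gap_seconds, users_differ)."""
    last_logout = {}  # src_ip -> (timestamp, user) of most recent logout
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("event") == "logout":
            last_logout[rec["src_ip"]] = (rec["ts"], rec["user"])
        elif rec.get("event") == "session_create":
            prev = last_logout.get(rec["src_ip"])
            if prev is None:
                continue
            gap = (rec["ts"] - prev[0]).total_seconds()
            if 0 <= gap <= window_seconds:
                hits.append((prev[1], rec["user"], rec["src_ip"],
                             gap, prev[1] != rec["user"]))
    return hits


if __name__ == "__main__":
    for hit in find_post_logout_sessions(SAMPLE_LOG):
        print(hit)
```

Hits where users_differ is True (a different account appearing on the same source seconds after a logout) are the ones to review first; same-user hits are usually ordinary re-logins.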
