CVE-2021-26724
8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Nozomi Networks | Guardian | 20.0.7.3 and prior versions | affected |
| Nozomi Networks | CMC | 20.0.7.3 and prior versions | affected |
Weaknesses
- CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Workarounds
Use internal firewall feature to limit management interface access and review user roles.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.