CVE-2022-4259

Summary

Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.

Affected Software

VendorProductVersion RangeStatus
Nozomi NetworksCMC0 < 22.5.2affected
Nozomi NetworksGuardian0 < 22.5.2affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Workarounds

Use internal firewall features to limit access to the web management interface.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References