← back
CVE-2021-26724

Authenticated command injection when changing date settings or hostname in Guardian/CMC before 20.0.7.4

CVSS 8.6 HIGHEPSS 3.1%CWE-78
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.6EPSS 3.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
22 Feb 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Nozomi Networks · CMCNozomi Networks · Guardian

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://security.nozominetworks.com/NN-2021:1-01