← voltar
CVE-2021-26724

Authenticated command injection when changing date settings or hostname in Guardian/CMC before 20.0.7.4

CVSS 8.6 HIGHEPSS 3.1%CWE-78
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Nozomi Networks · CMCNozomi Networks · Guardian

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://security.nozominetworks.com/NN-2021:1-01