Authenticated command injection when changing date settings or hostname in Guardian/CMC before 20.0.7.4
CVE-2021-26724
7.2HIGH
What is CVE-2021-26724?
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.
Affected Version(s)
CMC 20.0.7.3 and prior versions
Guardian 20.0.7.3 and prior versions