Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4
CVE-2021-26725

8.6HIGH

Key Information:

Vendor

Nozomi Networks

Status
Guardian
Cmc
Vendor
CVE Published:
22 February 2021

What is CVE-2021-26725?

Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.

Affected Version(s)

CMC 20.0.7.3 and prior versions

Guardian 20.0.7.3 and prior versions

References

https://security.nozominetworks.com/NN-2021:2-01
x_refsource_CONFIRM

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This bug was found by Erik de Jong
.