Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4
CVE-2021-26725

7.2HIGH

Key Information:

Vendor: Nozomi Networks
Status: Guardian; Cmc
Vendor: CVE Published:; 22 February 2021

🔔 Create Nozomi Networks Vulnerability Alert

What is CVE-2021-26725?

Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.

Affected Version(s)

CMC 20.0.7.3 and prior versions

Guardian 20.0.7.3 and prior versions

References

https://security.nozominetworks.com/NN-2021:2-01

x_refsource_CONFIRM

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 22, 2021
Vulnerability Reserved
Feb 5, 2021

Credit

This bug was found by Erik de Jong