Command injection

2021-02-2221:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.3%

JSON

OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.

CPENameOperatorVersion
central_management_controlge19.0.0
central_management_controlle19.0.12
central_management_controlge20.0.0.0
central_management_controllt20.0.7.4
guardiange20.0.0.0
guardianlt20.0.7.4
guardiange19.0.0
guardianlt19.0.12

Name	Operator	Version
central_management_control	ge	19.0.0
central_management_control	le	19.0.12
central_management_control	ge	20.0.0.0
central_management_control	lt	20.0.7.4
guardian	ge	20.0.0.0
guardian	lt	20.0.7.4
guardian	ge	19.0.0
guardian	lt	19.0.12

References

security.nozominetworks.com/NN-2021:1-01