PT-2021-17116 · Nozomi Networks · Nozomi Networks Cmc+1
Erik De Jong
·
Published
2021-02-22
·
Updated
2024-05-28
·
CVE-2021-26725
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Nozomi Networks Guardian versions 20.0.7.3 and prior versions
Nozomi Networks CMC versions 20.0.7.3 and prior versions
Description
A Path Traversal issue exists when changing the timezone using the web GUI, allowing an authenticated administrator to read protected system files.
Recommendations
For Nozomi Networks Guardian versions 20.0.7.3 and prior versions, consider disabling the timezone change functionality in the web GUI until a patch is available.
For Nozomi Networks CMC versions 20.0.7.3 and prior versions, consider disabling the timezone change functionality in the web GUI until a patch is available.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Nozomi Networks Cmc
Nozomi Networks Guardian