PT-2022-13254 · Nozomi Networks · Nozomi Networks Cmc+1
Published
2022-03-24
·
Updated
2024-09-20
·
CVE-2022-0550
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Nozomi Networks Guardian versions prior to 22.0.0
Nozomi Networks CMC versions prior to 22.0.0
Description
The issue is related to improper input validation in the custom report logo upload feature of Nozomi Networks Guardian and CMC. This allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges.
Recommendations
For Nozomi Networks Guardian versions prior to 22.0.0, update to version 22.0.0 or later to resolve the issue.
For Nozomi Networks CMC versions prior to 22.0.0, update to version 22.0.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to the custom report logo upload feature for users with admin or report manager roles until a patch is available.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nozomi Networks Cmc
Nozomi Networks Guardian