PT-2022-13255 · Nozomi Networks · Nozomi Networks Cmc+1
Published
2022-03-24
·
Updated
2024-09-20
·
CVE-2022-0551
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Nozomi Networks Guardian versions prior to 22.0.0
Nozomi Networks CMC versions prior to 22.0.0
Description
The issue is related to an Improper Input Validation vulnerability in the project file upload feature of Nozomi Networks Guardian and CMC. This vulnerability allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges.
Recommendations
For Nozomi Networks Guardian versions prior to 22.0.0, update to version 22.0.0 or later to resolve the issue.
For Nozomi Networks CMC versions prior to 22.0.0, update to version 22.0.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to the project file upload feature for users with admin or import manager roles until the update is applied.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nozomi Networks Cmc
Nozomi Networks Guardian