CVE-2021-26725 HIGH

CVE-2021-26725: Authenticated command path traversal on timezone settings in Guardian/CMC before 20.0.7.4

Vendor Nozomi Networks
Product Guardian
Weakness CWE-24
Published February 22, 2021
Last update September 17, 2024

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.

Key dates

02Disclosure timeline

February 22, 2021 CVE published
September 17, 2024 Record updated