CVE-2022-0550 HIGH

CVE-2022-0550: Authenticated RCE on logo report upload in Guardian/CMC before 22.0.0

Vendor Nozomi Networks
Product Guardian
Weakness CWE-20 · Input validation
Published March 24, 2022
Last update September 20, 2024

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects Nozomi Networks Guardian versions prior to 22.0.0 and Nozomi Networks CMC versions prior to 22.0.0.

Key dates

02 Disclosure timeline

March 24, 2022 CVE published
September 20, 2024 Record updated