Unrated severityNVD Advisory· Published Mar 24, 2022· Updated Sep 20, 2024

Authenticated RCE on logo report upload in Guardian/CMC before 22.0.0

CVE-2022-0550

Description

Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0.

Affected products

Nozominetworks/Guardianv5
Range: unspecified
Nozominetworks/Cmcv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.nozominetworks.com/NN-2022:2-01mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000