Unrated severityNVD Advisory· Published Mar 24, 2022· Updated Sep 20, 2024

Authenticated RCE on project configuration import in Guardian/CMC before 22.0.0

CVE-2022-0551

Description

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0.

Affected products

Nozominetworks/Cmcv5
Range: unspecified
Nozominetworks/Guardianv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.nozominetworks.com/NN-2022:2-02mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000