9
CVE-2021-26724
- EPSS 2.35%
- Veröffentlicht 22.02.2021 21:15:19
- Zuletzt bearbeitet 21.11.2024 05:56:45
- Quelle prodsec@nozominetworks.com
- CVE-Watchlists
- Unerledigt
LoginOS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nozominetworks ≫ Central Management Control Version >= 19.0.0 <= 19.0.12
Nozominetworks ≫ Central Management Control Version >= 20.0.0.0 < 20.0.7.4
Nozominetworks ≫ Guardian Version >= 19.0.0 < 19.0.12
Nozominetworks ≫ Guardian Version >= 20.0.0.0 < 20.0.7.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.35% | 0.846 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
| prodsec@nozominetworks.com | 8.6 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| prodsec@nozominetworks.com | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.