CVE-2021-26725
22.02.2021, 21:15
Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.
| Vendor | Product | Version |
|---|---|---|
| nozominetworks | central_management_control | 19.0.0 ≤ 𝑥 ≤ 19.0.12 |
| nozominetworks | central_management_control | 20.0.0.0 ≤ 𝑥 < 20.0.7.4 |
| nozominetworks | guardian | 19.0.0 ≤ 𝑥 < 19.0.12 |
| nozominetworks | guardian | 20.0.0.0 ≤ 𝑥 < 20.0.7.4 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-24 - Path Traversal: '../filedir'The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.