exploitDog

GHSA-r8jv-c3jp-366j

Опубликовано: 25 мар. 2022

Источник: github

Github: Не прошло ревью

CVSS4: 8.6

CVSS3: 7.2

Описание

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0.

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0.

Ссылки

EPSS

Процентиль: 64%

0.00477

Низкий

8.6 High

CVSS4

7.2 High

CVSS3

CVE ID

Дефекты

CWE-20

Связанные уязвимости

CVE-2022-0551

CVSS3: 7.2

nvd

почти 4 года назад

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0.

EPSS

Процентиль: 64%

0.00477

Низкий

8.6 High

CVSS4

7.2 High

CVSS3

CVE ID

Дефекты

CWE-20