CVE-2021-26724

HIGH

Nozominetworks Central Management Control - OS Command Injection

Title source: rule
STIX 2.1

Description

OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://security.nozominetworks.com/NN-2021:1-01

Scores

CVSS v3 7.2
EPSS 0.0307
EPSS Percentile 86.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (2)
nozominetworks/central_management_control 19.0.0 - 19.0.12
nozominetworks/guardian 19.0.0 - 19.0.12
Published Feb 22, 2021
Tracked Since Feb 18, 2026