CVE-2021-26725

HIGH

Nozominetworks Central Management Control < 19.0.12 - Path Traversal

Title source: rule
STIX 2.1

Description

Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticated administrator to read-protected system files. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.

References (1)

Scores

CVSS v3 7.2
EPSS 0.0053
EPSS Percentile 67.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-22 CWE-24
Status published
Products (2)
nozominetworks/central_management_control 19.0.0 - 19.0.12
nozominetworks/guardian 19.0.0 - 19.0.12
Published Feb 22, 2021
Tracked Since Feb 18, 2026