Vulnerability Details CVE-2021-26724
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.054
EPSS Ranking 89.6%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 9.0
References
Products affected by CVE-2021-26724
-
cpe:2.3:a:nozominetworks:central_management_control:*
-
cpe:2.3:a:nozominetworks:guardian:*
-
cpe:2.3:a:nozominetworks:guardian:19.0.4