Nozominetworks: >> Cmc >> 22.6.2 Security Vulnerabilities
A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data.
CVSS Score
6.0
EPSS Score
0.0
Published
2025-10-07
A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a Cross-Site Scripting (XSS) attack.
CVSS Score
5.8
EPSS Score
0.0
Published
2025-10-07
An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device configuration, and/or affecting its availability.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-10-07
Page 2