Nozominetworks: >> Cmc >> 25.2.0 Security Vulnerabilities
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary paths, altering the device configuration and/or affecting its availability.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-12-18
A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data.
CVSS Score
6.0
EPSS Score
0.0
Published
2025-10-07
Page 2