Guardian
CVE-2020-7049
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection.
AnalysisAI
Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-1236. Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection. Affected products include: Nozominetworks Guardian. Version information: before 19.0.4.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields us
Disk-exhaustion denial of service in Nozomi Networks Guardian and Central Management Console (CMC) lets a remote, unauth
Authenticated Standard Registry users can execute arbitrary Node.js code in Hashgraph Guardian ≤3.5.0 through unsandboxe
A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in ce
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticat
Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an auth
Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticat
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and
A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today