CVE-2025-40891

Severity: LOW (CVSS 4.0 base score 2.3)
Published: 2025-12-18 (CNA contact: [email protected])

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network (AV:N)
Attack Complexity: High (AC:H)
Attack Requirements: None (AT:N)
Privileges Required: None (PR:N)
User Interaction: Passive (UI:P)
Vulnerable System Impact: Confidentiality None / Integrity Low / Availability None (VC:N/VI:L/VA:N)
Subsequent System Impact: Confidentiality Low / Integrity Low / Availability None (SC:L/SI:L/SA:N)
Safety (supplemental): Not Defined (S:X). CVSS 4.0 has no Scope metric; the "S" in the vector is the Safety supplemental metric, and the subsequent-system impacts above take over the role that Scope played in CVSS 3.x.

Lifecycle Timeline

Analysis Generated: Apr 14, 2026 - 10:26 (vuln.today)

Description (NVD)

A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper validation of network traffic data. An unauthenticated attacker can send specially crafted network packets at two different times to inject HTML tags into asset attributes across two snapshots. Exploitation requires a victim to use the Time Machine Snapshot Diff feature on those specific snapshots and perform specific GUI actions, at which point the injected HTML renders in their browser, enabling phishing and open redirect attacks. Full XSS exploitation is prevented by input validation and Content Security Policy. Attack complexity is high due to multiple required conditions.

Analysis (AI-generated)

Stored HTML injection in the Time Machine Snapshot Diff feature of Nozomi Networks CMC and Guardian allows an unauthenticated attacker to inject HTML tags into asset attributes across two snapshots by sending specially crafted network packets at two different times. When a victim opens the Snapshot Diff for those snapshots and performs the required GUI actions, the injected HTML renders in their browser, enabling phishing and open redirect attacks. Full XSS is mitigated by input validation and Content Security Policy. The vulnerability has not been confirmed as actively exploited (E:X), requires high attack complexity (several preconditions must hold at once), and per the CVSS 4.0 vector yields a low integrity impact on the vulnerable system plus low confidentiality and integrity impact on the subsequent system (the analyst's browser session), with no availability impact.

Technical Context (AI-generated)

The vulnerability exists in the Time Machine Snapshot Diff functionality of Nozomi Networks CMC and Guardian, which compares network asset attributes between two point-in-time snapshots. The root cause is improper validation of data learned from network traffic (classified as CWE-79: Improper Neutralization of Input During Web Page Generation) when asset metadata is stored. The attacker emits crafted packets at two distinct times so that an asset attribute carries unvalidated HTML in one or both snapshots; because the values differ between snapshots, the attribute appears in the diff. When the Snapshot Diff view renders those attribute values, the markup is interpreted by the browser. Script execution is constrained by Content Security Policy headers and residual input validation, but HTML that needs no script (anchors to attacker-controlled URLs, injected forms, meta refresh) still works, which is what makes phishing and open redirects the practical outcome: a CSP that restricts script-src does not stop link navigation, and only blocks injected forms if form-action is also set. This page does not list an affected-version range; the vendor advisory (https://security.nozominetworks.com/NN-2025:12-01) is the authority for which CMC and Guardian releases are affected and fixed.
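To make the rendering step concrete, here is an added example (not Nozomi code; the snapshot layout, the attribute names and the asset values are constructed for illustration, and the protocol field the sensor maps to "hostname" is deliberately left unspecified because the advisory does not name it). It builds a diff of two constructed snapshots, renders it once by raw string interpolation, which is the pattern the advisory describes, and once with HTML escaping, and then checks whether an injected anchor survives as markup.

```javascript
// Added example: minimal "snapshot diff" renderer, vulnerable form beside the
// hardened form. Not Nozomi code; data shapes and values are constructed.

// Two constructed point-in-time snapshots of the asset inventory. The attacker
// has caused the learned hostname of 10.0.0.7 to differ between snapshots and
// to contain markup in the second one.
const snapshotT1 = {
  "10.0.0.7": { hostname: "plc-01", vendor: "Acme" },
  "10.0.0.9": { hostname: "hmi-02", vendor: "Acme" },
};
const snapshotT2 = {
  "10.0.0.7": {
    hostname: '<a href="https://login.example.test/">plc-01 (re-auth required)</a>',
    vendor: "Acme",
  },
  "10.0.0.9": { hostname: "hmi-02", vendor: "Acme" },
};

// Attribute-level changes between two snapshots; assets present in only one
// snapshot show the missing side as "".
function diffSnapshots(before, after) {
  const changes = [];
  const ids = new Set([...Object.keys(before), ...Object.keys(after)]);
  for (const id of ids) {
    const a = before[id] || {};
    const b = after[id] || {};
    const attrs = new Set([...Object.keys(a), ...Object.keys(b)]);
    for (const attr of attrs) {
      if (a[attr] !== b[attr]) {
        changes.push({ id, attr, before: a[attr] ?? "", after: b[attr] ?? "" });
      }
    }
  }
  return changes;
}

// VULNERABLE: attribute values are interpolated straight into the HTML, so a
// value containing markup is rendered as markup in the analyst's browser.
function renderDiffUnsafe(changes) {
  return changes
    .map(c => `<tr><td>${c.id}</td><td>${c.attr}</td><td>${c.before}</td><td>${c.after}</td></tr>`)
    .join("\n");
}

// HARDENED: escape the five HTML-significant characters before interpolation.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, ch => map[ch]);
}

function renderDiffSafe(changes) {
  return changes
    .map(c =>
      `<tr><td>${escapeHtml(c.id)}</td><td>${escapeHtml(c.attr)}</td>` +
      `<td>${escapeHtml(c.before)}</td><td>${escapeHtml(c.after)}</td></tr>`)
    .join("\n");
}

// Does the rendered fragment still contain a live anchor tag?
function containsRawAnchor(html) {
  return /<a\s/i.test(html);
}

const changes = diffSnapshots(snapshotT1, snapshotT2);
console.log("unsafe:\n" + renderDiffUnsafe(changes));
console.log("safe:\n" + renderDiffSafe(changes));
```

The unsafe row carries a clickable link to login.example.test; the safe row shows the literal text of the tag. Note that nothing in the unsafe output needs JavaScript to be harmful, which is why a script-blocking CSP leaves the phishing and redirect outcome intact.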

Remediation (AI-generated)

Organizations should apply the security updates Nozomi Networks provides for CMC and Guardian. Consult the official vendor advisory at https://security.nozominetworks.com/NN-2025:12-01 for the exact fixed versions and deployment procedures. Until patched, keep two facts in mind when choosing interim controls: the injection vector is traffic on a segment the sensor monitors, so the attacker never needs to reach the web UI, and the victim is a legitimate user of that UI, so restricting Snapshot Diff to trusted administrators only narrows who can be phished, not whether they can be. Useful interim measures are: restrict which hosts can place traffic on monitored segments (network segmentation, port security), so untrusted devices cannot poison learned asset attributes; review asset attributes for angle brackets or tag-like content before comparing snapshots, and treat any link or form shown inside a Snapshot Diff as untrusted; disable the Snapshot Diff feature temporarily if it is not operationally critical; and verify that Content Security Policy headers are actually present on the UI responses (for example by inspecting the response headers of the login page), since that header is the existing control that prevents escalation from HTML injection to script execution.
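The attribute review suggested above can be automated. The following is an added example, not Nozomi code and not a feature of the product: it assumes an exported list of asset attribute values per snapshot (the record shape, field names and sample rows are constructed here) and flags values that contain markup, decoding entity and percent-encoded forms first so that a value stored as &lt;meta ...&gt; is not missed by a naive search for "<".

```javascript
// Added example: scan exported asset attributes for stored markup before an
// analyst runs a Snapshot Diff on the snapshots involved. Export format,
// field names and sample rows are assumptions, constructed for illustration.

const inventoryExport = [
  { snapshot: "2025-12-01T08:00Z", id: "10.0.0.7", attr: "hostname", value: "plc-01" },
  { snapshot: "2025-12-02T08:00Z", id: "10.0.0.7", attr: "hostname",
    value: '<a href="https://login.example.test/">plc-01</a>' },
  { snapshot: "2025-12-02T08:00Z", id: "10.0.0.9", attr: "vendor",
    value: "&lt;meta http-equiv=refresh content=0;url=https://x.example.test&gt;" },
  { snapshot: "2025-12-02T08:00Z", id: "10.0.0.11", attr: "hostname", value: "hmi-3 <2 of 4>" },
];

// Undo the encodings an attacker might use to slip past a literal "<" check.
// decodeURIComponent throws on malformed percent sequences; treat that as
// "not URL-encoded" and keep the original string.
function normalize(value) {
  let s = String(value);
  try { s = decodeURIComponent(s); } catch (_) { /* not URL-encoded */ }
  return s
    .replace(/&lt;/gi, "<").replace(/&gt;/gi, ">")
    .replace(/&#x3c;/gi, "<").replace(/&#60;/g, "<")
    .replace(/&quot;/gi, '"').replace(/&#39;/g, "'");
}

// Tags that navigate, submit or load content without needing script are the
// ones that matter for this bug. Bare angle brackets in free text (e.g. a
// hostname like "hmi-3 <2 of 4>") are reported at low severity so the check
// stays useful rather than pure noise.
const TAG_RE = /<\s*\/?\s*(a|meta|form|iframe|img|base|link|svg|object|embed|script|style)\b/i;
const BRACKET_RE = /[<>]/;

function scanAttributes(rows) {
  const findings = [];
  for (const r of rows) {
    const v = normalize(r.value);
    if (TAG_RE.test(v)) {
      findings.push({ ...r, severity: "high", reason: "html tag in asset attribute" });
    } else if (BRACKET_RE.test(v)) {
      findings.push({ ...r, severity: "low", reason: "angle bracket in asset attribute" });
    }
  }
  return findings;
}

// The advisory's precondition is that the poisoned attribute shows up in a
// diff, i.e. its value differs between the two snapshots being compared.
// Group high-severity findings by asset/attribute and list the snapshots an
// analyst should avoid diffing until the values are cleaned up.
function snapshotsToAvoid(rows) {
  const high = scanAttributes(rows).filter(f => f.severity === "high");
  const byKey = new Map();
  for (const f of high) {
    const key = `${f.id}/${f.attr}`;
    if (!byKey.has(key)) byKey.set(key, new Set());
    byKey.get(key).add(f.snapshot);
  }
  return [...byKey.entries()].map(([key, snaps]) => ({ key, snapshots: [...snaps] }));
}

console.log(scanAttributes(inventoryExport));
console.log(snapshotsToAvoid(inventoryExport));
```

On the constructed rows this reports the anchor in 10.0.0.7's hostname and the entity-encoded meta refresh in 10.0.0.9's vendor string as high, and the bracketed hostname of 10.0.0.11 as low. Run it against the real export for both snapshots you intend to compare; any high finding means that diff should wait until the attribute has been cleaned or the fix is applied.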
