CVE-2021-26725

7.2 HIGH

📋 TL;DR

This path traversal vulnerability in Nozomi Networks Guardian and CMC allows authenticated administrators to read protected system files through the web GUI's timezone change function. It affects Guardian and CMC versions 20.0.7.3 and earlier. Exploitation requires administrator credentials but enables unauthorized file access.

💻 Affected Systems

Products:
  • Nozomi Networks Guardian
  • Nozomi Networks CMC
Versions: 20.0.7.3 and prior versions
Operating Systems: Not specified, likely appliance-based
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrator authentication to exploit. Affects web GUI interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Administrator credentials are compromised, allowing attackers to read sensitive system files, potentially exposing configuration secrets, credentials, or other protected data.

🟠 Likely Case

Malicious insider or compromised administrator account reads sensitive system files containing configuration data or credentials.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to authorized administrators who should already have access to most system files.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator credentials but path traversal techniques are well-understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 20.0.7.3

Vendor Advisory: https://security.nozominetworks.com/NN-2021:2-01

Restart Required: Yes

Instructions:

1. Upgrade to a version after 20.0.7.3.
2. Follow Nozomi Networks upgrade documentation.
3. Restart affected services.

🔧 Temporary Workarounds

Restrict Administrator Access

Limit administrator accounts to trusted personnel only and implement strong authentication controls.

Network Segmentation

Isolate Nozomi Networks devices from general network access, limiting exposure to potential attackers.

🧯 If You Can't Patch

  • Implement strict access controls on administrator accounts with multi-factor authentication.
  • Monitor administrator activity logs for unusual file access patterns through the web GUI.

🔍 How to Verify

Check if Vulnerable:

Check the version in the web GUI or via CLI: the system is vulnerable if the version is 20.0.7.3 or earlier.

Check Version:

Check web GUI dashboard or consult Nozomi Networks documentation for version check commands.

Verify Fix Applied:

Verify that the version is later than 20.0.7.3 and test the timezone change functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns via web GUI
  • Multiple timezone change attempts
  • Access to protected system file paths

Network Indicators:

  • HTTP requests to timezone change endpoint with path traversal patterns

SIEM Query:

web_gui_access AND (path_traversal_patterns OR unusual_file_access)
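
One way to turn the log and network indicators above into a concrete check, as an added example that is not from Nozomi Networks or from the original page. It assumes a combined-style web access log in which the timezone value is visible in the request line; the endpoint marker, the `tz` parameter name and the sample lines are hypothetical placeholders to be replaced with what your own logs show.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Hypothetical marker for the timezone change endpoint: the page does not
# give the real path, so substitute the value seen in your own logs.
TZ_ENDPOINT_MARKER = "<TIMEZONE_CHANGE_ENDPOINT>"
# Assumed combined-log-style line: client address first, request in quotes.
LINE_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# ".." used as a whole path segment, with either slash style.
TRAVERSAL_RE = re.compile(r'(^|[\\/=])\.\.([\\/]|$)')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def analyse(lines, burst_threshold=3):
    """Return (traversal_hits, noisy_sources) for timezone-endpoint requests."""
    hits, per_source = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or TZ_ENDPOINT_MARKER not in m["target"]:
            continue  # not a timezone change request
        per_source[m["src"]] += 1
        if TRAVERSAL_RE.search(fully_decode(m["target"])):
            hits.append((m["src"], m["target"]))
    noisy = sorted(s for s, n in per_source.items() if n >= burst_threshold)
    return hits, noisy


# Constructed sample lines (not taken from a real appliance).
_EP = "/" + TZ_ENDPOINT_MARKER
SAMPLE = [
    f'{ip} - admin [01/Jan/2021:10:00:00 +0000] "POST {target} HTTP/1.1" 200 12'
    for ip, target in [
        ("10.0.0.5", _EP + "?tz=Europe/Rome"),
        ("10.0.0.9", _EP + "?tz=..%2f..%2fprotected%2ffile"),
        ("10.0.0.9", _EP + "?tz=%252e%252e%252fprotected"),
        ("10.0.0.9", _EP + "?tz=UTC"),
        ("10.0.0.7", "/dashboard?path=../x"),
    ]
]
```

`analyse(SAMPLE)` returns the two encoded traversal requests from the same source plus that source in the repeated-attempts list; the plain timezone change and the unrelated dashboard request are not flagged.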
