Nozomi Networks Guardian and CMC SQL Injection Vulnerability in Alert Functionality

A SQL injection vulnerability has been identified in the Alert feature of Nozomi Networks Guardian and CMC versions prior to 25.2.0. This vulnerability arises from inadequate validation of an input parameter, allowing an authenticated user with limited privileges to execute arbitrary SELECT statements on the application's database management system. This exploitation could lead to the unauthorized exposure of data.

Impact

Exploitation of this vulnerability allows for authenticated users with limited privileges to execute arbitrary SELECT SQL statements on the application's database, potentially exposing unauthorized data.

Remediation

Users are advised to upgrade to version 25.2.0 or later. Additionally, it is recommended to use internal firewall features to limit access to the web management interface and to review and delete unnecessary accounts with access to it.