Nozomi Networks Guardian and CMC Stored HTML Injection Vulnerability in Time Machine Functionality

Vulnerability

A stored HTML injection vulnerability has been identified in the Time Machine Snapshot Diff feature of Nozomi Networks Guardian and CMC versions prior to 25.5.0. The vulnerability arises from inadequate validation of network traffic data: an unauthenticated attacker can send specially crafted packets at two different times so that HTML tags are injected into asset attributes across two snapshots. Exploitation requires the victim to use the Time Machine Snapshot Diff feature on the affected snapshots and perform specific GUI actions, at which point the injected HTML is rendered in their browser. This could facilitate phishing and open redirect attacks. While full cross-site scripting exploitation is mitigated by input validation and Content Security Policy, the attack complexity is high due to the multiple conditions that must be met.

Impact

Exploitation of this vulnerability allows for stored HTML injection, which is rendered in the context of the user's browser. This could be used to conduct phishing attacks or open redirect attacks. Although the injected HTML could potentially be used for cross-site scripting, such exploitation is blocked by input validation and Content Security Policy.
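The Vulnerability and Impact sections above describe the same root cause: attribute values learned from network traffic end up in a snapshot diff view without being treated as untrusted text. The following is an added example, not Nozomi Networks code, showing the two defensive measures that address it: HTML-escaping every attribute value before it is placed in the diff table, and flagging attribute values that contain markup so an analyst is alerted before the diff is ever viewed. The snapshot data model (a mapping of asset to attribute values) and the sample values are constructed for illustration.

```python
import html
import re
from typing import Dict, List, Tuple

# Constructed sample snapshots (hypothetical data model): asset attributes as
# recorded at two points in time. The second snapshot carries markup in an
# attribute, the class of input the advisory describes.
SNAPSHOT_T1: Dict[str, Dict[str, str]] = {
    "10.0.0.5": {"vendor": "Acme", "hostname": "plc-01"},
}
SNAPSHOT_T2: Dict[str, Dict[str, str]] = {
    "10.0.0.5": {"vendor": "Acme",
                 "hostname": '<a href="https://example.invalid">plc-01</a>'},
}

# Matches an opening or closing HTML tag; used only to flag suspicious values.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")

Change = Tuple[str, str, str, str]  # (asset, attribute, old_value, new_value)


def diff_snapshots(old: Dict[str, Dict[str, str]],
                   new: Dict[str, Dict[str, str]]) -> List[Change]:
    """Return every attribute whose value differs between the two snapshots."""
    changes: List[Change] = []
    for asset in sorted(set(old) | set(new)):
        a, b = old.get(asset, {}), new.get(asset, {})
        for attr in sorted(set(a) | set(b)):
            if a.get(attr) != b.get(attr):
                changes.append((asset, attr, a.get(attr, ""), b.get(attr, "")))
    return changes


def flag_markup(changes: List[Change]) -> List[Change]:
    """Changes where either side contains an HTML tag. Asset attributes come
    from observed traffic, not from an operator, so markup here is a signal
    worth alerting on regardless of how the UI renders it."""
    return [c for c in changes if TAG_RE.search(c[2]) or TAG_RE.search(c[3])]


def render_diff_row(change: Change) -> str:
    """Build one row of the diff table with every cell HTML-escaped, so a tag
    inside an attribute value is shown as text instead of being interpreted."""
    cells = "".join(f"<td>{html.escape(str(v), quote=True)}</td>" for v in change)
    return f"<tr>{cells}</tr>"
```

Escaping at render time is the fix for the rendering path; the flagging function is the detection a defender can run over snapshots independently of the UI.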

Remediation

Users are advised to upgrade to Nozomi Networks Guardian or CMC version 25.5.0 or later.

Added: Dec 18, 2025, 2:20 PM
Updated: Dec 18, 2025, 3:11 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 1.7
exploitability: 6.0
remediation: 7.7
relevance: 1.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.