Nozomi Networks Guardian
cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*
- < 26.1.0
A stored HTML injection vulnerability has been identified in the Users functionality of Nozomi Networks Guardian and CMC versions prior to 26.1.0. The vulnerability arises from inadequate validation of input parameters, which allows an authenticated user with administrative privileges to create a user whose username includes HTML tags. When another user attempts to delete a group containing the manipulated user, the injected HTML is rendered in their browser. This could lead to phishing attacks and potentially allow open redirects. However, full exploitation of cross-site scripting and direct information disclosure is blocked by current input validation and Content Security Policy settings.
Exploitation of this vulnerability allows for stored HTML injection, with the injected HTML being rendered in the context of the victim's browser. This could facilitate phishing attacks and open redirects. Although HTML injection of this kind could otherwise be escalated to cross-site scripting, that escalation is not possible here due to existing input validation and Content Security Policy measures.
Users are advised to upgrade to version 26.1.0 or later. Additionally, it is recommended to use internal firewall features to restrict access to the web management interface, review accounts with administrative privileges, and delete any unnecessary accounts. Existing usernames should also be reviewed for potential exploitation.
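One way to carry out the username review recommended above, as an added example that is not part of the advisory or of Nozomi's tooling. It assumes the usernames have already been exported to a plain list (the sample values and all function names are constructed for illustration) and flags any that contain HTML tags, markup characters, encoded equivalents, or invisible characters.

```python
import html
import re
import unicodedata
from urllib.parse import unquote

# Start of an opening/closing tag or an HTML comment, e.g. "<a", "</b", "<!--".
TAG_RE = re.compile(r"<\s*(/?\s*[A-Za-z][A-Za-z0-9-]*|!--)")
# Characters needed to build markup or attributes; unusual in account names.
MARKUP_CHARS = set("<>\"'`=")

def normalize(name):
    """Undo common encodings so encoded markup is inspected in decoded form."""
    # Bounded loop catches double encoding such as %253C or &amp;lt;
    for _ in range(5):
        decoded = html.unescape(unquote(name))
        if decoded == name:
            break
        name = decoded
    # NFKC folds full-width look-alikes such as U+FF1C to '<'.
    return unicodedata.normalize("NFKC", name)

def audit_username(name):
    """Return the reasons a username needs manual review (empty list = clean)."""
    reasons = []
    decoded = normalize(name)
    if decoded != name:
        reasons.append("encoded-or-lookalike-characters")
    if TAG_RE.search(decoded):
        reasons.append("html-tag")
    elif MARKUP_CHARS & set(decoded):
        reasons.append("markup-characters")
    if any(unicodedata.category(c) in ("Cc", "Cf") for c in decoded):
        reasons.append("control-or-invisible-characters")
    return reasons

def audit(usernames):
    """Map each suspicious username to its findings."""
    return {u: r for u in usernames if (r := audit_username(u))}

# Constructed sample export; real input would be the appliance's own user list.
SAMPLE = ["admin", "j.smith", "ops<b>team</b>", "svc&lt;u&gt;x&lt;/u&gt;",
          "backup%3Ca%3E", "mary=o'neil", "audit\u200bor"]

if __name__ == "__main__":
    for user, reasons in audit(SAMPLE).items():
        print(f"{user!r}: {', '.join(reasons)}")
```

Flagged names are candidates for manual review rather than confirmed abuse; a legitimate name containing an apostrophe, for instance, will be reported under `markup-characters`.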