Nozomi Networks Guardian and CMC Stored HTML Injection Vulnerability in Schedule Restore Archive

A stored HTML injection vulnerability has been identified in the Schedule Restore Archive feature of Nozomi Networks Guardian and CMC versions prior to 26.1.0. This vulnerability arises from inadequate validation of an input parameter, allowing an authenticated user with administrative rights to create a malicious restore schedule that includes HTML tags. When another user views the schedule, the injected HTML is rendered in their browser, potentially leading to phishing attacks and open redirects. However, full exploitation of cross-site scripting and direct information disclosure is mitigated by existing input validation and Content Security Policy settings.

Impact

Exploitation allows for stored HTML injection, with the injected HTML being rendered in the browser of users who view the affected schedule. This could facilitate phishing attacks and open redirects, although full cross-site scripting exploitation and direct information disclosure are blocked by current input validation and Content Security Policy configurations.

Remediation

Users are advised to upgrade to version 26.1.0 or later. Additionally, it is recommended to use internal firewall features to restrict access to the web management interface and to review and remove unnecessary administrative accounts.