← Back to CVEs
CVE-2024-13089
HIGH7.2
Description
An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these updates are signed and their signatures are validated prior to installation, an improper signature validation check has been identified. This issue could potentially enable users to execute commands remotely on the appliance, thereby impacting confidentiality, integrity, and availability.
CVE Details
CVSS v3.1 Score7.2
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredHIGH
User InteractionNONE
Published6/10/2025
Last Modified6/12/2025
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-78
References
https://security.nozominetworks.com/NN-2025:1-01(prodsec@nozominetworks.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.