NN-2025:1-01
Authenticated RCE in update functionality in Guardian/CMC before 24.6.0
Last update: 2025-06-10
| Advisory ID | NN-2025:1-01 |
|---|---|
| Topic | Authenticated RCE in update functionality in Guardian/CMC before 24.6.0 |
| CWE Impact | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| Issue date | 2025-06-10 |
| Affects | Guardian, CMC < v24.6.0 |
| CVE Name(s) | CVE-2024-13089 |
| CVSS Details | CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVSS Score | 7.5 (CVSS v4.0) 7.2 (CVSS v3.1) |
| CVE Risk Level | High (CVSS v4.0) High (CVSS v3.1) |
| Risk Level for Nozomi customers | High |
Summary
An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands.
Impact
Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these updates are signed and their signatures are validated prior to installation, an improper signature validation check has been identified. This issue could potentially enable users to execute commands remotely on the appliance, thereby impacting confidentiality, integrity, and availability.
Affected Products
Guardian, CMC < v24.6.0
Workarounds and Mitigations
Only install update packages from trusted sources.
Solutions
Upgrade to v24.6.0 or later.
Modification History
2025-06-10: Initial revision
Related Links
Acknowledgements
We thank the following parties for their efforts:
- IOActive for finding this issue during a VAPT testing session commissioned by one of our customers
Contact
Nozomi Networks Product Security team can be reached at prodsec@nozominetworks.com.More contact details on the PSIRT page.