Primary

Context

Nozomi Networks Guardian and CMC OS Command Injection Vulnerability in Update Functionality

Vulnerability

Patched

A command injection vulnerability has been identified in the update functionality of Nozomi Networks Guardian and CMC, affecting versions prior to 24.6.0. This vulnerability allows authenticated administrators to execute arbitrary operating system commands. While update packages are signed and their signatures are validated before installation, an improper signature validation check has been discovered. This flaw could enable remote command execution on the appliance, impacting its confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of operating system commands on the affected appliance, potentially allowing for further exploitation or manipulation of the system.

Remediation

Users are advised to upgrade to version 24.6.0 or later. Only install update packages from trusted sources.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

4.0

remediation

7.9

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

4.0

remediation

7.9

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Nozomi Networks Guardian and CMC OS Command Injection Vulnerability in Update Functionality

Vulnerability

Impact

Remediation

Affected Products

Nozomi Networks Guardian

Nozomi Networks CMC

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating