Nozomi Networks Guardian
cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*
- < 24.6.0
A privilege escalation vulnerability has been identified in Nozomi Networks Guardian and CMC versions prior to 24.6.0. This vulnerability allows a service account to elevate its privileges, potentially leading to administrative access. The issue arises from overly permissive sudo rules for local service accounts, which could be exploited if a malicious actor were able to execute arbitrary commands as that account. However, no such exploitation vector has been reported in this case.
The vulnerability could allow a service account to gain administrative privileges, particularly if an attacker were able to execute arbitrary commands under that account.
Users are advised to upgrade to Guardian or CMC version 24.6.0 or later.
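The advisory does not publish the affected sudo rules, so the following is an added example (not Nozomi Networks code) of how a defender can audit any appliance's sudoers content for the class of problem described above: service accounts whose rules are equivalent to root. The account names, the sample rules and the `ESCAPE_PRONE` list are assumptions constructed for illustration.

```python
import re

# Programs that can run other programs or write arbitrary files, so a sudo
# rule for them is effectively root. Illustrative list, extend for your estate.
ESCAPE_PRONE = {"sh", "bash", "python3", "perl", "vi", "vim", "find", "tar", "tee", "cp", "env"}
RULE = re.compile(r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*"
                  r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")
TAG = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, SETENV:, ...

# Constructed sample with hypothetical accounts; not Guardian's real sudoers file.
SAMPLE = """\
Defaults env_reset
Cmnd_Alias SVC_CTL = /usr/sbin/service
svc_collect ALL=(ALL) NOPASSWD: ALL
svc_export  ALL=(root) NOPASSWD: /usr/bin/tar, /usr/local/bin/export.sh *
svc_health  ALL=(root) NOPASSWD: /usr/sbin/service healthd status
"""

def audit_sudoers(text, service_accounts):
    """Return (account, reason, command) for rules that let an account reach root."""
    findings = []
    # Join backslash-continued lines before parsing.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "Defaults")) or "_Alias" in line.split()[0]:
            continue
        m = RULE.match(line)
        if not m or m["user"] not in service_accounts:
            continue
        # An omitted Runas spec defaults to root; ignore the group part after ':'.
        runas = {u.strip() for u in (m["runas"] or "root").split(":")[0].split(",")}
        if not runas & {"root", "ALL"}:
            continue
        for cmd in m["cmds"].split(","):
            cmd = TAG.sub("", cmd.strip())
            if not cmd:
                continue
            binary = cmd.split()[0].rsplit("/", 1)[-1]
            if cmd == "ALL":
                reason = "any command as root"
            elif binary in ESCAPE_PRONE:
                reason = "program can spawn commands or write arbitrary files"
            elif "*" in cmd:
                reason = "wildcard in command or arguments"
            else:
                continue
            findings.append((m["user"], reason, cmd))
    return findings
```

On a live host, feed it the concatenated contents of `/etc/sudoers` and the included drop-in files, and compare the result with `sudo -l -U <account>` for each service account.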