CVE-2024-13089
An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands.
Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC.
While these updates are signed and their signatures are validated prior to installation, an improper signature validation check has been identified.
This issue could potentially enable users to execute commands remotely on the appliance, thereby impacting confidentiality, integrity, and availability.
Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC.
While these updates are signed and their signatures are validated prior to installation, an improper signature validation check has been identified.
This issue could potentially enable users to execute commands remotely on the appliance, thereby impacting confidentiality, integrity, and availability.
Vendor
-
Product
-
CWE
Yayın Tarihi
2025-06-10 11:15:52
Güncelleme
2025-06-12 16:06:39
Source Identifier
prodsec@nozominetworks.com
KEV Date Added
-