CVE-2025-40896

Medium CVSS: 6.3

The server certificate was not verified when an Arc agent connected to a Guardian or CMC.

A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive information (such as assets and alerts), impersonation of the server, or injection of spoofed data (such as false asset information or vulnerabilities) into the Guardian or CMC.

Vendor

Nozominetworks

Product

Arc

CWE

CWE-295

Yayın Tarihi

2026-03-04 14:16:14

Güncelleme

2026-03-05 18:48:12

Source Identifier

prodsec@nozominetworks.com

KEV Date Added

Kategoriler

CWE-295 Arc MEDIUM Nozominetworks 2026

Referanslar

https://security.nozominetworks.com/NN-2025:18-01

Benzer Kayıtlar

Low

CVE-2025-40894

A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper valida…

Low

CVE-2025-40895

A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on…

Low

CVE-2025-40891

A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper val…

High

CVE-2025-40892

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an…

Medium

CVE-2025-40893

A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of netwo…

High

CVE-2025-40898

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validatio…