OS Command Injection Vulnerability in Nozomi Networks Guardian and CMC
CVE-2024-13089

7.5HIGH

Key Information:

Vendor: Nozomi Networks
Status: Guardian; Cmc
Vendor: CVE Published:; 10 June 2025

🔔 Create Nozomi Networks Vulnerability Alert

What is CVE-2024-13089?

An OS command injection vulnerability exists within the update functionality of Nozomi Networks Guardian and CMC. Authenticated administrators can upload update packages, which are signed and validated before installation. However, a flaw in the signature validation process could permit the execution of unauthorized OS commands. This vulnerability may allow adversaries to perform remote command execution, jeopardizing the confidentiality, integrity, and availability of the systems.

Affected Version(s)

CMC 0 < 24.6.0

Guardian 0 < 24.6.0

References

https://security.nozominetworks.com/NN-2025:1-01

CVSS V4

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2025
Vulnerability Reserved
Dec 31, 2024

Credit

IOActive found this issue during a VAPT testing session commissioned by one of our customers.