Privilege Escalation Vulnerability in Local Service Accounts by Vendor
CVE-2024-13090

7.3HIGH

Key Information:

Vendor: Nozomi Networks
Status: Guardian; Cmc
Vendor: CVE Published:; 10 June 2025

🔔 Create Nozomi Networks Vulnerability Alert

What is CVE-2024-13090?

A vulnerability exists due to excessively permissive sudo rules configured for local service accounts, potentially allowing unauthorized administrative access. If a malicious actor can execute arbitrary commands using a compromised service account, they could escalate their privileges significantly. While no active exploitation vector has been identified, the inherent risks associated with such misconfigurations highlight the importance of rigorous security practices.

Affected Version(s)

CMC 0 < 24.6.0

Guardian 0 < 24.6.0

References

https://security.nozominetworks.com/NN-2025:2-01

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2025
Vulnerability Reserved
Dec 31, 2024

Credit

IOActive found this issue during a VAPT testing session commissioned by one of our customers.