{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-13089","assignerOrgId":"bec8025f-a851-46e5-b3a3-058e6b0aa23c","state":"PUBLISHED","assignerShortName":"Nozomi","dateReserved":"2024-12-31T11:12:54.800Z","datePublished":"2025-06-10T10:29:40.282Z","dateUpdated":"2025-06-10T14:29:34.746Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Guardian","vendor":"Nozomi Networks","versions":[{"lessThan":"24.6.0","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"CMC","vendor":"Nozomi Networks","versions":[{"lessThan":"24.6.0","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"IOActive found this issue during a VAPT testing session commissioned by one of our customers."}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<div><div>An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands.</div></div><div><div>Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC.</div><div>While these updates are signed and their signatures are validated prior to installation, an improper signature validation check has been identified.</div><div>This issue could potentially enable users to execute commands remotely on the appliance, thereby impacting confidentiality, integrity, and availability.</div></div>"}],"value":"An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands.\n\n\n\nUsers with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC.\n\nWhile these updates are signed and their signatures are validated prior to installation, an improper signature validation check has been identified.\n\nThis issue could potentially enable users to execute commands remotely on the appliance, thereby impacting confidentiality, integrity, and availability."}],"impacts":[{"capecId":"CAPEC-88","descriptions":[{"lang":"en","value":"CAPEC-88 OS Command Injection"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"NETWORK","baseScore":7.5,"baseSeverity":"HIGH","privilegesRequired":"HIGH","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-78","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"bec8025f-a851-46e5-b3a3-058e6b0aa23c","shortName":"Nozomi","dateUpdated":"2025-06-10T10:29:40.282Z"},"references":[{"url":"https://security.nozominetworks.com/NN-2025:1-01"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<div><div>Upgrade to v24.6.0 or later.</div></div>"}],"value":"Upgrade to v24.6.0 or later."}],"source":{"discovery":"EXTERNAL"},"title":"Authenticated RCE in update functionality in Guardian/CMC before 24.6.0","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<div><div>Only install update packages from trusted sources.</div></div>"}],"value":"Only install update packages from trusted sources."}],"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-06-10T14:28:44.178820Z","id":"CVE-2024-13089","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-10T14:29:34.746Z"}}]}}