Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable sync abusable by an authenticated limited user (PR:L, AC:L) with no confidentiality impact but full config-integrity and availability loss on the device.
Primary rating from Vendor (Nozomi).
CVSS VectorVendor: Nozomi
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affecting its availability.
AnalysisAI
Privilege escalation via configuration synchronization in Nozomi Networks Guardian and Central Management Console (CMC) lets an authenticated low-privilege user push administrative CLI commands to managed Arc sensors, because those sensors incorrectly inherit CLI permissions during sync. Successful abuse alters device configuration and can degrade or disable sensor availability, undermining OT/ICS monitoring integrity. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires an authenticated account with limited privileges on a Nozomi Guardian/CMC deployment (PR:L) plus network access to the management/synchronization interface (AV:N); no user interaction and no non-default feature toggle is described - the flaw resides in the standard sync-to-Arc-sensor configuration path, and the specific prerequisite is that the account can invoke the synchronization functionality that pushes config to Arc sensors. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-supplied CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H, base 7.2) indicates a network-reachable attack requiring only low privilege, no user interaction, and no special attack requirements, with high integrity and availability impact but no confidentiality impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who holds a legitimate limited-privilege account on a Guardian/CMC deployment authenticates over the network and crafts administrative CLI commands, then triggers the synchronization function to push them to one or more Arc sensors. Because the sensors incorrectly accept CLI permissions from the sync, the commands execute administratively, letting the attacker rewrite sensor configuration or knock the sensor offline. … |
| Remediation | Apply the fix described in Nozomi Networks advisory NN-2026:13-01 (https://security.nozominetworks.com/NN-2026:13-01); an exact patched version is not included in the provided data, so obtain the fixed build directly from that advisory before deployment. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: restrict Guardian and CMC administrative console access to essential personnel and audit current user permission assignments. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection. Rated high severity (CVSS 7
Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields us
Disk-exhaustion denial of service in Nozomi Networks Guardian and Central Management Console (CMC) lets a remote, unauth
Authenticated Standard Registry users can execute arbitrary Node.js code in Hashgraph Guardian ≤3.5.0 through unsandboxe
A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in ce
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticat
Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an auth
Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticat
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and
Same weakness CWE-266 – Incorrect Privilege Assignment
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42536
GHSA-w68v-42v6-6q7h