Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands.
Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC.
While these updates are signed and their signatures are validated prior to installation, an improper signature validation check has been identified.
This issue could potentially enable users to execute commands remotely on the appliance, thereby impacting confidentiality, integrity, and availability.
AnalysisAI
CVE-2024-13089 is an OS command injection vulnerability in the update functionality of Nozomi Networks Guardian and CMC appliances that allows authenticated administrators to bypass signature validation and execute arbitrary OS commands. While the vulnerability requires high-privilege administrative access, the improper cryptographic signature validation on update packages creates a critical integrity bypass that could lead to complete system compromise. The attack is network-accessible with no user interaction required once an administrator initiates an update.
Technical ContextAI
The vulnerability exists in the update package processing mechanism of Nozomi Networks Guardian and CMC products (CPE identifiers: cpe:2.3:a:nozominetworks:guardian:* and cpe:2.3:a:nozominetworks:cmc:*). The root cause is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command) combined with an improper cryptographic signature validation weakness (CWE-347). Administrators can upload digitally signed update packages; however, the signature validation logic contains a flaw that fails to properly authenticate the package integrity before processing. This allows injection of malicious OS commands within update payloads that are executed with elevated privileges during the update installation process. The vulnerability bypasses intended security controls designed to ensure only legitimate, vendor-signed updates are processed.
RemediationAI
Immediate actions: (1) Apply the latest security patches from Nozomi Networks as soon as available—vendor advisory and patch links should be obtained directly from Nozomi Networks' website or security portal. (2) Restrict administrative access to the Guardian and CMC update functionality to a minimal set of trusted personnel; implement multi-factor authentication for administrative accounts if not already in place. (3) Audit recent update activity logs to identify any unauthorized or suspicious update submissions. (4) If immediate patching is not possible, implement network-level controls to restrict access to the update management interface to trusted networks or jump hosts. (5) Monitor for unexpected process execution or command activity on Guardian and CMC appliances post-update. Longer-term: validate that all future updates originate from official Nozomi Networks sources and consider implementing additional integrity verification mechanisms beyond signature validation.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2024-54660