Cmc
Monthly
Privilege escalation via configuration synchronization in Nozomi Networks Guardian and Central Management Console (CMC) lets an authenticated low-privilege user push administrative CLI commands to managed Arc sensors, because those sensors incorrectly inherit CLI permissions during sync. Successful abuse alters device configuration and can degrade or disable sensor availability, undermining OT/ICS monitoring integrity. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; risk is elevated by the network-reachable, low-privilege (PR:L) attack path against a security-critical appliance.
Disk-exhaustion denial of service in Nozomi Networks Guardian and Central Management Console (CMC) lets a remote, unauthenticated attacker fill available storage by sending requests with oversized input that the audit-logging subsystem records without any size limit. Because the affected devices are OT/ICS network-monitoring appliances, exhausting disk can render the sensor or its management console inoperable and blind defenders. No public exploit is identified at time of analysis; EPSS and KEV data were not provided, but the network/unauthenticated CVSS 4.0 profile (VA:H) makes this a low-effort attack.
Unauthenticated access to the SSH keys synchronization endpoint in Nozomi Networks Guardian and CMC exposes user enumeration data and SSH public keys to any network-reachable attacker. By sending a single unauthenticated request to this endpoint, an attacker can retrieve usernames, group memberships, and uploaded SSH public keys - providing meaningful reconnaissance into the OT security platform's user base. No public exploit has been identified at time of analysis, and no CISA KEV listing exists; the CVSS 4.0 score of 6.9 reflects low confidentiality impact with no integrity or availability risk.
Open Redirect via SAML SSO cache poisoning in Nozomi Networks Guardian and CMC allows unauthenticated remote attackers to corrupt the server-side redirect cache for all users by submitting a crafted request to the SAML sign-in endpoint with a malicious redirection parameter. Victims who subsequently initiate SAML Single Sign-On are transparently redirected to attacker-controlled infrastructure, enabling phishing and credential theft. The flaw additionally disrupts legitimate SAML authentication for affected users, introducing an availability dimension beyond the typical Open Redirect threat model. No active exploitation (KEV) or public exploit code has been identified at time of analysis.
Stored HTML injection in Nozomi Networks Guardian and CMC (N2OS) allows authenticated administrators to embed malicious HTML into configuration data rendered in the Diagram tab and Graph view, enabling phishing and open redirect attacks against other authenticated users who view the affected pages. The vulnerability originates from a shared input validation function applied across multiple input vectors in N2OS that is insufficiently restrictive, permitting certain HTML tags to persist. Full XSS exploitation and direct information disclosure are explicitly constrained by existing input validation and a Content Security Policy, limiting realistic attacker impact to social engineering vectors. No public exploit or active exploitation (CISA KEV) has been identified at time of analysis.
Stored Cross-Site Scripting (XSS) in Nozomi Networks Guardian and CMC allows authenticated attackers with custom field privileges to inject malicious JavaScript payloads through the Assets and Nodes custom field functionality. When victims view affected pages, the XSS executes with high integrity and availability impact due to changed scope (CVSS S:C), enabling unauthorized actions including data modification and service disruption. No public exploit identified at time of analysis, though the attack complexity is low (AC:L) once custom field access is obtained.
Privilege escalation in Nozomi Networks Guardian and CMC Threat Intelligence module allows authenticated view-only users to perform administrative actions, including modifying or deleting threat intelligence rules. With CVSS 8.1 (High) driven by high integrity and availability impact, this access control bypass (CWE-863) enables low-privileged users to alter critical security configurations remotely. No public exploit identified at time of analysis, though EPSS data unavailable. Authentication requirements lower the barrier only slightly, as compromised low-privilege accounts are common in enterprise environments.
A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties. [CVSS 4.8 MEDIUM]
Path traversal in Nozomi Networks CMC and Guardian allows authenticated users with limited privileges to write arbitrary files to any system location by uploading a malicious Arc data archive. This enables device configuration tampering and denial-of-service attacks. Attack requires low-privilege authentication but has high integrity and availability impact (CVSS 7.2). No public exploit identified at time of analysis, though the attack vector is straightforward for authenticated insiders or compromised accounts.
Stored HTML injection in Nozomi Networks CMC and Guardian Asset List functionality allows unauthenticated remote attackers to inject malicious HTML tags into asset attributes via crafted network packets, enabling phishing and open redirect attacks when victims view affected assets. CVSS 5.3 (medium severity) with user interaction required; exploitation is bounded by existing Content Security Policy and input validation that prevent full XSS and direct information disclosure.
Stored cross-site scripting in Nozomi Networks CMC and Guardian allows authenticated users with report privileges to inject malicious JavaScript payloads into report definitions. When victims view or import these weaponized reports, the XSS executes in their browser context, enabling attackers to modify application data, disrupt availability, and access sensitive information. The vulnerability requires low-privilege authentication and user interaction (CVSS:4.0 score 7.1, PR:L/UI:P), with high integrity and availability impacts but limited confidentiality exposure. No public exploit identified at time of analysis, though the attack technique is well-understood and straightforward given the stored XSS nature.
Stored HTML injection in Nozomi Networks CMC and Guardian Time Machine Snapshot Diff feature allows unauthenticated attackers to inject HTML tags into asset attributes across snapshots via specially crafted network packets. When a victim uses the Snapshot Diff feature and performs specific GUI actions, the injected HTML renders in their browser, enabling phishing and open redirect attacks. Full XSS exploitation is mitigated by input validation and Content Security Policy. This vulnerability has not been confirmed as actively exploited, requires high attack complexity (multiple preconditions), and results in low integrity impact with limited scope.
A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a Cross-Site Scripting (XSS) attack.
An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will be stored and. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. No vendor patch available.
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Rated medium severity (CVSS 5.4). No vendor patch available.
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Privilege escalation via configuration synchronization in Nozomi Networks Guardian and Central Management Console (CMC) lets an authenticated low-privilege user push administrative CLI commands to managed Arc sensors, because those sensors incorrectly inherit CLI permissions during sync. Successful abuse alters device configuration and can degrade or disable sensor availability, undermining OT/ICS monitoring integrity. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; risk is elevated by the network-reachable, low-privilege (PR:L) attack path against a security-critical appliance.
Disk-exhaustion denial of service in Nozomi Networks Guardian and Central Management Console (CMC) lets a remote, unauthenticated attacker fill available storage by sending requests with oversized input that the audit-logging subsystem records without any size limit. Because the affected devices are OT/ICS network-monitoring appliances, exhausting disk can render the sensor or its management console inoperable and blind defenders. No public exploit is identified at time of analysis; EPSS and KEV data were not provided, but the network/unauthenticated CVSS 4.0 profile (VA:H) makes this a low-effort attack.
Unauthenticated access to the SSH keys synchronization endpoint in Nozomi Networks Guardian and CMC exposes user enumeration data and SSH public keys to any network-reachable attacker. By sending a single unauthenticated request to this endpoint, an attacker can retrieve usernames, group memberships, and uploaded SSH public keys - providing meaningful reconnaissance into the OT security platform's user base. No public exploit has been identified at time of analysis, and no CISA KEV listing exists; the CVSS 4.0 score of 6.9 reflects low confidentiality impact with no integrity or availability risk.
Open Redirect via SAML SSO cache poisoning in Nozomi Networks Guardian and CMC allows unauthenticated remote attackers to corrupt the server-side redirect cache for all users by submitting a crafted request to the SAML sign-in endpoint with a malicious redirection parameter. Victims who subsequently initiate SAML Single Sign-On are transparently redirected to attacker-controlled infrastructure, enabling phishing and credential theft. The flaw additionally disrupts legitimate SAML authentication for affected users, introducing an availability dimension beyond the typical Open Redirect threat model. No active exploitation (KEV) or public exploit code has been identified at time of analysis.
Stored HTML injection in Nozomi Networks Guardian and CMC (N2OS) allows authenticated administrators to embed malicious HTML into configuration data rendered in the Diagram tab and Graph view, enabling phishing and open redirect attacks against other authenticated users who view the affected pages. The vulnerability originates from a shared input validation function applied across multiple input vectors in N2OS that is insufficiently restrictive, permitting certain HTML tags to persist. Full XSS exploitation and direct information disclosure are explicitly constrained by existing input validation and a Content Security Policy, limiting realistic attacker impact to social engineering vectors. No public exploit or active exploitation (CISA KEV) has been identified at time of analysis.
Stored Cross-Site Scripting (XSS) in Nozomi Networks Guardian and CMC allows authenticated attackers with custom field privileges to inject malicious JavaScript payloads through the Assets and Nodes custom field functionality. When victims view affected pages, the XSS executes with high integrity and availability impact due to changed scope (CVSS S:C), enabling unauthorized actions including data modification and service disruption. No public exploit identified at time of analysis, though the attack complexity is low (AC:L) once custom field access is obtained.
Privilege escalation in Nozomi Networks Guardian and CMC Threat Intelligence module allows authenticated view-only users to perform administrative actions, including modifying or deleting threat intelligence rules. With CVSS 8.1 (High) driven by high integrity and availability impact, this access control bypass (CWE-863) enables low-privileged users to alter critical security configurations remotely. No public exploit identified at time of analysis, though EPSS data unavailable. Authentication requirements lower the barrier only slightly, as compromised low-privilege accounts are common in enterprise environments.
A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties. [CVSS 4.8 MEDIUM]
Path traversal in Nozomi Networks CMC and Guardian allows authenticated users with limited privileges to write arbitrary files to any system location by uploading a malicious Arc data archive. This enables device configuration tampering and denial-of-service attacks. Attack requires low-privilege authentication but has high integrity and availability impact (CVSS 7.2). No public exploit identified at time of analysis, though the attack vector is straightforward for authenticated insiders or compromised accounts.
Stored HTML injection in Nozomi Networks CMC and Guardian Asset List functionality allows unauthenticated remote attackers to inject malicious HTML tags into asset attributes via crafted network packets, enabling phishing and open redirect attacks when victims view affected assets. CVSS 5.3 (medium severity) with user interaction required; exploitation is bounded by existing Content Security Policy and input validation that prevent full XSS and direct information disclosure.
Stored cross-site scripting in Nozomi Networks CMC and Guardian allows authenticated users with report privileges to inject malicious JavaScript payloads into report definitions. When victims view or import these weaponized reports, the XSS executes in their browser context, enabling attackers to modify application data, disrupt availability, and access sensitive information. The vulnerability requires low-privilege authentication and user interaction (CVSS:4.0 score 7.1, PR:L/UI:P), with high integrity and availability impacts but limited confidentiality exposure. No public exploit identified at time of analysis, though the attack technique is well-understood and straightforward given the stored XSS nature.
Stored HTML injection in Nozomi Networks CMC and Guardian Time Machine Snapshot Diff feature allows unauthenticated attackers to inject HTML tags into asset attributes across snapshots via specially crafted network packets. When a victim uses the Snapshot Diff feature and performs specific GUI actions, the injected HTML renders in their browser, enabling phishing and open redirect attacks. Full XSS exploitation is mitigated by input validation and Content Security Policy. This vulnerability has not been confirmed as actively exploited, requires high attack complexity (multiple preconditions), and results in low integrity impact with limited scope.
A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a Cross-Site Scripting (XSS) attack.
An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will be stored and. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. No vendor patch available.
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Rated medium severity (CVSS 5.4). No vendor patch available.
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.