CVE-2024-13090
Privilege escalation in Guardian/CMC before 24.6.0
- Public Exploits: 0
- Exploited in Wild: -
Descriptions
A privilege escalation vulnerability may enable a service account to elevate its privileges. The sudo rules configured for a local service account were excessively permissive, potentially allowing administrative access if a malicious actor could execute arbitrary commands as that account. It is important to note that no such vector has been identified in this instance.
SSVC
- Decision: Track*
Timeline
- 2024-12-31 CVE Reserved
- 2025-06-10 CVE Published
- 2025-06-10 CVE Updated
- 2025-06-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-250: Execution with Unnecessary Privileges
CAPEC
- CAPEC-69: Target Programs with Elevated Privileges
- CAPEC-233: Privilege Escalation
References (1)
URL | Tag | Source |
---|---|---|
https://security.nozominetworks.com/NN-2025:2-01 | | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Nozomi Networks | Guardian | < 24.6.0 | en | Affected |
Nozomi Networks | CMC | < 24.6.0 | en | Affected |