7.3
CVE-2024-13090
- EPSS 0.12%
- Veröffentlicht 10.06.2025 10:31:02
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle prodsec@nozominetworks.com
- CVE-Watchlists
- Unerledigt
Privilege escalation in Guardian/CMC before 24.6.0
A privilege escalation vulnerability may enable a service account to elevate its privileges. The sudo rules configured for a local service account were excessively permissive, potentially allowing administrative access if a malicious actor could execute arbitrary commands as that account. It is important to note that no such vector has been identified in this instance.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerNozomi Networks
≫
Produkt
Guardian
Default Statusunaffected
Version
0
Version <
24.6.0
Status
affected
HerstellerNozomi Networks
≫
Produkt
CMC
Default Statusunaffected
Version
0
Version <
24.6.0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.019 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| prodsec@nozominetworks.com | 7.3 | 0 | 0 |
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| prodsec@nozominetworks.com | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-250 Execution with Unnecessary Privileges
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
https://security.nozominetworks.com/NN-2025:2-01