RCE in Nozomi Networks Cmc

CVE-2024-13089

An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.010 (58.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2024-13089?
CVE-2024-13089 is a high-severity vulnerability in Nozomi Networks Cmc, classified under OS Command Injection. CVSS score: 7.2/10. Published 2025-06-10.
How severe is CVE-2024-13089?
High severity. CVSS v3 base score is 7.2 out of 10.