RCE in Nozomi Networks Cmc
CVE-2024-13089
An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.010 (58.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Nozomi Networks Cmc — versions 0
- Nozomi Networks Guardian — versions 0
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2024-13089?
- CVE-2024-13089 is a high-severity vulnerability in Nozomi Networks Cmc, classified under OS Command Injection. CVSS score: 7.2/10. Published 2025-06-10.
- How severe is CVE-2024-13089?
- High severity. CVSS v3 base score is 7.2 out of 10.