CVE-2024-13090 HIGH

CVE-2024-13090: Privilege escalation in Guardian/CMC before 24.6.0

Vendor Nozomi Networks
Product Guardian
Weakness CWE-250
Published June 10, 2025
Last update June 10, 2025

CVSS base score

7.3/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

A privilege escalation vulnerability may enable a service account to elevate its privileges. The sudo rules configured for a local service account were excessively permissive, potentially allowing administrative access if a malicious actor could execute arbitrary commands as that account. It is important to note that no such vector has been identified in this instance.
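The check a defender would run for this class of weakness (CWE-250), as an added example that is not part of the advisory or the vendor's code: a small audit that lists sudo rules letting a named service account reach root through an unrestricted command set, a shell or interpreter, or a wildcard. The account names, the sample sudoers text and the `SHELL_LIKE` list are constructed assumptions; this page does not list the affected rules or the account.

```python
import re

# Assumed short list of programs that give an arbitrary command prompt when run via sudo.
SHELL_LIKE = {"sh", "bash", "dash", "zsh", "python", "python3", "perl", "ruby", "env"}
SPEC = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(.+)$")   # who host = rest
RUNAS = re.compile(r"^\(([^)]*)\)\s*")               # (root) or (user : group)
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")              # NOPASSWD:, SETENV:, ...

def audit_sudoers(text, accounts):
    """Return (account, command, reason) for each risky rule granted to `accounts`."""
    findings = []
    text = re.sub(r"\\\n\s*", " ", text)             # join backslash-continued lines
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()         # drop comments and #include lines
        m = SPEC.match(line)
        if not m or m.group(1) not in accounts:
            continue
        runas = "root"                               # sudo's default target user
        for cmd in re.split(r",(?![^()]*\))", m.group(2)):
            cmd = cmd.strip()
            r = RUNAS.match(cmd)
            if r:                                    # a Runas spec carries over to later commands
                runas, cmd = r.group(1), cmd[r.end():]
            cmd = TAGS.sub("", cmd).strip()
            users = {u.strip() for u in runas.split(":")[0].split(",")}
            if not cmd or cmd.startswith("!") or not users & {"root", "ALL"}:
                continue                             # empty, a denial, or no path to root
            prog = cmd.split()[0].rsplit("/", 1)[-1]
            if cmd == "ALL":
                findings.append((m.group(1), cmd, "any command as root"))
            elif prog in SHELL_LIKE:
                findings.append((m.group(1), cmd, "shell or interpreter as root"))
            elif "*" in cmd:
                findings.append((m.group(1), cmd, "wildcard in command or arguments"))
    return findings

# Constructed sample; "svc-agent" and "svc-other" are hypothetical accounts.
SAMPLE = """\
Defaults env_reset
root      ALL=(ALL:ALL) ALL
svc-agent ALL=(root) NOPASSWD: /usr/bin/systemctl restart agent.service, \\
          /usr/bin/systemctl * , /bin/bash
svc-agent ALL=(svc-data) NOPASSWD: ALL
svc-other ALL=(ALL) NOPASSWD: ALL
"""

if __name__ == "__main__":
    for f in audit_sudoers(SAMPLE, {"svc-agent", "svc-other"}):
        print(*f, sep=" | ")
```

The parser is simplified: it ignores `User_Alias`/`Cmnd_Alias` expansion and `%group` rules, so resolve those first (for example with `sudo -l -U <account>`) on a real system.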

Key dates

02 Disclosure timeline

June 10, 2025 CVE published
June 10, 2025 Record updated