Key Vulnerability Information

Vulnerability Overview

Advisory ID: NN-2025:2-01
Topic: Privilege escalation in Guardian/CMC before 24.6.0
CVE Impact: CWE-250: Execution with Unnecessary Privileges
Issue date: 2025-06-10
CVE Name(s): CVE-2024-13090
CVSS Score:
- 7.3 (CVSS v4.0)
- 7.0 (CVSS v3.1)
CVE Risk Level: High

Affected Scope

Affected Products: Guardian, CMC < v24.6.0
Summary: A privilege escalation vulnerability may enable a service account to elevate its privileges.
Impact: The sudo rules configured for a local service account were excessively permissive, potentially allowing administrative access if a malicious actor could execute arbitrary commands as that account.

Solutions and Mitigations

Solutions: Upgrade to v24.6.0 or later.
Workarounds and Mitigations: N/A

Other Information

Acknowledgements: IOActive for finding this issue during a VAPT testing session commissioned by one of our customers.
Contact: Nozomi Networks Product Security team can be reached at prodsec@nozominetworks.com.
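
The Impact statement above concerns sudo rules that grant a service account more than it needs (CWE-250). As an added example, not code or configuration from Nozomi Networks, the following Python audits a sudoers fragment for one account and reports over-broad rules; the account name `svc_app`, the sample rules and the `audit` helper are constructed for illustration.

```python
import re

# Constructed sudoers fragment. The account name "svc_app" and every rule here
# are hypothetical; they are not the product's actual configuration.
SAMPLE_SUDOERS = """\
# constructed sample
Defaults:svc_app !requiretty
svc_app ALL=(ALL) NOPASSWD: ALL
svc_app ALL=(root) NOPASSWD: /usr/bin/systemctl restart app.service
svc_app ALL=(root) NOPASSWD: /usr/bin/tar *
svc_app ALL=(root) /usr/bin/id, NOPASSWD: /bin/bash
%admins ALL=(ALL) ALL
"""

# user host = (runas) [TAG:] cmd[, cmd...]; aliases and line continuations
# are not resolved in this reduced parser.
SPEC = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")
INTERPRETERS = {"sh", "bash", "dash", "zsh", "python3", "perl"}


def audit(text, account):
    """Return (line_no, command, reason) for each over-broad rule of `account`."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        match = SPEC.match(raw.split("#", 1)[0].strip())
        if not match or match.group(1) != account:
            continue
        for entry in match.group(3).split(","):
            cmd = TAGS.sub("", entry.strip()).strip()
            binary = cmd.split()[0] if cmd else ""
            if cmd == "ALL":
                findings.append((line_no, cmd, "unrestricted command set"))
            if "*" in cmd or "?" in cmd:
                findings.append((line_no, cmd, "wildcard in command or arguments"))
            if binary.rsplit("/", 1)[-1] in INTERPRETERS:
                findings.append((line_no, cmd, "shell or interpreter"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SUDOERS, "svc_app"):
        print("line %d: %-18s %s" % finding)
```

A rule that pins both the binary and its arguments, such as the `systemctl restart app.service` line, produces no finding; that is the shape a least-privilege rule for a service account should take.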