Description
A privilege escalation vulnerability may enable a service account to elevate its privileges. The sudo rules configured for a local service account were excessively permissive, potentially allowing administrative access if a malicious actor could execute arbitrary commands as that account. It is important to note that no such vector has been identified in this instance.
Scores
CVSS v3
7.0
EPSS
0.0005
EPSS Percentile
15.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-250
Status
published
Products (2)
Nozomi Networks/CMC
< 24.6.0
Nozomi Networks/Guardian
< 24.6.0
Published
Jun 10, 2025
Tracked Since
Feb 18, 2026