CVE-2026-31985

Nozomi Networks · Remote Collector

Nozomi Remote Collector fails to verify TLS certificates when configured via n2os-tui, exposing communication to potential interception.

Executive summary

A vulnerability in the Nozomi Remote Collector configuration process disables TLS certificate verification, creating a significant risk of man-in-the-middle attacks.

Vulnerability

This is an authentication-related security flaw (CWE-671) where the n2os-tui tool generates configurations that disable TLS certificate verification by default. The vulnerability is exploitable by an unauthenticated attacker positioned to intercept network traffic between the collector and the upstream Guardian or CMC.

Business impact

Successful exploitation allows an attacker to perform man-in-the-middle attacks, potentially intercepting or altering data transmitted between the Remote Collector and the management console. With a CVSS score of 8.1, the high potential for data integrity compromise necessitates immediate attention to ensure secure communication channels within the monitoring infrastructure.

Remediation

Immediate Action: Upgrade the Nozomi Remote Collector software to version 26.2.0 or later to ensure TLS certificate verification is enforced.

Proactive Monitoring: Review network communication logs for unexpected connections or certificate mismatch errors originating from the Remote Collector.

Compensating Controls: Isolate the management network segment to minimize the number of entities capable of intercepting traffic between the collector and the management console.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The reliance on unverified TLS certificates undermines the fundamental security of the monitoring architecture. Administrators should prioritize the deployment of version 26.2.0 to restore cryptographic validation and mitigate the risk of traffic interception.