CVE-2026-31985
Nozomi Networks · Remote Collector
Nozomi Remote Collector fails to verify TLS certificates when configured via n2os-tui, exposing communication to potential interception.
Executive summary
A vulnerability in the Nozomi Remote Collector configuration process disables TLS certificate verification, creating a significant risk of man-in-the-middle attacks.
Vulnerability
This is an authentication-related security flaw (CWE-671) where the n2os-tui tool generates configurations that disable TLS certificate verification by default. The vulnerability is exploitable by an unauthenticated attacker positioned to intercept network traffic between the collector and the upstream Guardian or CMC.
Business impact
Successful exploitation allows an attacker to perform man-in-the-middle attacks, potentially intercepting or altering data transmitted between the Remote Collector and the management console. With a CVSS score of 8.1, the high potential for data integrity compromise necessitates immediate attention to ensure secure communication channels within the monitoring infrastructure.
Remediation
Immediate Action: Upgrade the Nozomi Remote Collector software to version 26.2.0 or later to ensure TLS certificate verification is enforced.
Proactive Monitoring: Review network communication logs for unexpected connections or certificate mismatch errors originating from the Remote Collector.
Compensating Controls: Isolate the management network segment to minimize the number of entities capable of intercepting traffic between the collector and the management console.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The reliance on unverified TLS certificates undermines the fundamental security of the monitoring architecture. Administrators should prioritize the deployment of version 26.2.0 to restore cryptographic validation and mitigate the risk of traffic interception.