CVE-2026-33390
Nozomi Networks · Guardian and CMC
An incorrect privilege assignment vulnerability in the synchronization functionality allows Arc sensors to receive CLI permissions.
Executive summary
A high-severity privilege assignment vulnerability in Nozomi Networks Guardian and CMC products could allow unauthorized CLI access, posing a significant risk to system integrity.
Vulnerability
This vulnerability involves an incorrect privilege assignment within the system's synchronization mechanism. An authenticated user (via Arc sensor integration) may gain unauthorized Command Line Interface (CLI) permissions, which they should not possess.
Business impact
The ability for non-privileged sensors to obtain CLI access represents a major security breach, potentially allowing an attacker to modify system configurations or disrupt industrial monitoring operations. With a CVSS score of 8.1, this flaw is categorized as high-severity, as it compromises the administrative control plane of critical infrastructure security appliances.
Remediation
Immediate Action: Upgrade both Nozomi Networks Guardian and CMC deployments to version 26.2.0 or later immediately to resolve the privilege assignment flaw.
Proactive Monitoring: Review system access logs for any unauthorized CLI activity or unusual synchronization events originating from Arc sensors.
Compensating Controls: Restrict network access to the management interface of affected devices to only trusted administrative workstations until the update can be applied.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the potential for unauthorized administrative access, organizations should prioritize the deployment of version 26.2.0. Failure to patch these appliances could allow lateral movement or unauthorized control over the security monitoring environment.