CVE-2026-31985: CWE-671 Lack of administrator control over security in Nozomi Networks Remote Collector
When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Remote Collector and the Guardian or CMC. This could result in theft of the sync token, impersonation of the server, injection of spoofed data (such as false asset information or vulnerabilities) into the Guardian or CMC, or disruption of the data flow between the Remote Collector and the Guardian or CMC.
AI Analysis
Technical Summary
The vulnerability arises because the Remote Collector's configuration generated through n2os-tui disables TLS certificate verification when connecting to the upstream Guardian or CMC. Since there is no option to enable TLS verification, an attacker positioned between the Remote Collector and the Guardian or CMC can perform man-in-the-middle attacks. This can lead to theft of synchronization tokens, server impersonation, injection of spoofed data such as false asset or vulnerability information, and disruption of data synchronization between components.
Potential Impact
An attacker exploiting this vulnerability can intercept and manipulate communications between the Remote Collector and the Guardian or CMC. This can result in theft of sensitive sync tokens, unauthorized impersonation of servers, injection of false data into the system, and disruption of data flow, potentially undermining the integrity and reliability of the monitoring infrastructure.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix or configuration option is provided, users should be aware that TLS certificate verification is disabled by design in this scenario. No vendor advisory or patch information is currently available to address this issue.
CVE-2026-31985: CWE-671 Lack of administrator control over security in Nozomi Networks Remote Collector
Description
When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Remote Collector and the Guardian or CMC. This could result in theft of the sync token, impersonation of the server, injection of spoofed data (such as false asset information or vulnerabilities) into the Guardian or CMC, or disruption of the data flow between the Remote Collector and the Guardian or CMC.
CVSS v4.0
Score 8.3high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability arises because the Remote Collector's configuration generated through n2os-tui disables TLS certificate verification when connecting to the upstream Guardian or CMC. Since there is no option to enable TLS verification, an attacker positioned between the Remote Collector and the Guardian or CMC can perform man-in-the-middle attacks. This can lead to theft of synchronization tokens, server impersonation, injection of spoofed data such as false asset or vulnerability information, and disruption of data synchronization between components.
Potential Impact
An attacker exploiting this vulnerability can intercept and manipulate communications between the Remote Collector and the Guardian or CMC. This can result in theft of sensitive sync tokens, unauthorized impersonation of servers, injection of false data into the system, and disruption of data flow, potentially undermining the integrity and reliability of the monitoring infrastructure.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix or configuration option is provided, users should be aware that TLS certificate verification is disabled by design in this scenario. No vendor advisory or patch information is currently available to address this issue.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Nozomi
- Date Reserved
- 2026-03-10T16:14:03.266Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a4f598968715ace43f21a81
Added to database: 07/09/2026, 08:19:21 UTC
Last enriched: 07/09/2026, 08:32:32 UTC
Last updated: 07/09/2026, 19:47:31 UTC
Views: 13
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.