Search criteria
12 vulnerabilities found for genian_ztna by genians
FKIE_CVE-2023-40252
Vulnerability from fkie_nvd - Published: 2023-08-17 07:15 - Updated: 2024-11-21 08:19
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| genians | genian_nac | * | |
| genians | genian_nac | * | |
| genians | genian_nac | 5.0.42 | |
| genians | genian_nac | 5.0.42 | |
| genians | genian_ztna | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:genians:genian_nac:*:*:*:*:-:*:*:*",
"matchCriteriaId": "BE039840-D93C-49CA-BB6A-B70771196C1B",
"versionEndExcluding": "4.0.156",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:genians:genian_nac:*:*:*:*:-:*:*:*",
"matchCriteriaId": "04EF7B43-ADE3-474E-8E9F-7B2AD27FAB0C",
"versionEndExcluding": "5.0.55",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:genians:genian_nac:5.0.42:-:*:*:lts:*:*:*",
"matchCriteriaId": "E514BF16-6FE5-4029-BBFB-87A487C5BC07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:genians:genian_nac:5.0.42:revision_117460:*:*:lts:*:*:*",
"matchCriteriaId": "0A8D2C71-F0A1-41D4-9A84-EAE0CBC39B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:genians:genian_ztna:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A36D6C47-C07E-41F3-9051-47CE254B01D0",
"versionEndExcluding": "6.0.16",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
}
],
"id": "CVE-2023-40252",
"lastModified": "2024-11-21T08:19:03.717",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0,
"source": "vuln@krcert.or.kr",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-17T07:15:43.847",
"references": [
{
"source": "vuln@krcert.or.kr",
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
}
],
"sourceIdentifier": "vuln@krcert.or.kr",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "vuln@krcert.or.kr",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-40251
Vulnerability from fkie_nvd - Published: 2023-08-17 07:15 - Updated: 2024-11-21 08:19
Severity ?
5.2 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| genians | genian_nac | * | |
| genians | genian_nac | * | |
| genians | genian_nac | 5.0.42 | |
| genians | genian_nac | 5.0.42 | |
| genians | genian_ztna | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:genians:genian_nac:*:*:*:*:-:*:*:*",
"matchCriteriaId": "BE039840-D93C-49CA-BB6A-B70771196C1B",
"versionEndExcluding": "4.0.156",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:genians:genian_nac:*:*:*:*:-:*:*:*",
"matchCriteriaId": "04EF7B43-ADE3-474E-8E9F-7B2AD27FAB0C",
"versionEndExcluding": "5.0.55",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:genians:genian_nac:5.0.42:-:*:*:lts:*:*:*",
"matchCriteriaId": "E514BF16-6FE5-4029-BBFB-87A487C5BC07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:genians:genian_nac:5.0.42:revision_117460:*:*:lts:*:*:*",
"matchCriteriaId": "0A8D2C71-F0A1-41D4-9A84-EAE0CBC39B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:genians:genian_ztna:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A36D6C47-C07E-41F3-9051-47CE254B01D0",
"versionEndExcluding": "6.0.16",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
}
],
"id": "CVE-2023-40251",
"lastModified": "2024-11-21T08:19:03.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 3.6,
"source": "vuln@krcert.or.kr",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-17T07:15:43.737",
"references": [
{
"source": "vuln@krcert.or.kr",
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
}
],
"sourceIdentifier": "vuln@krcert.or.kr",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "vuln@krcert.or.kr",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-40254
Vulnerability from fkie_nvd - Published: 2023-08-11 07:15 - Updated: 2024-11-21 08:19
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| genians | genian_nac | * | |
| genians | genian_nac | * | |
| genians | genian_nac | 5.0.42 | |
| genians | genian_nac | 5.0.42 | |
| genians | genian_ztna | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:genians:genian_nac:*:*:*:*:-:*:*:*",
"matchCriteriaId": "BE039840-D93C-49CA-BB6A-B70771196C1B",
"versionEndExcluding": "4.0.156",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:genians:genian_nac:*:*:*:*:-:*:*:*",
"matchCriteriaId": "04EF7B43-ADE3-474E-8E9F-7B2AD27FAB0C",
"versionEndExcluding": "5.0.55",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:genians:genian_nac:5.0.42:-:*:*:lts:*:*:*",
"matchCriteriaId": "E514BF16-6FE5-4029-BBFB-87A487C5BC07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:genians:genian_nac:5.0.42:revision_117460:*:*:lts:*:*:*",
"matchCriteriaId": "0A8D2C71-F0A1-41D4-9A84-EAE0CBC39B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:genians:genian_ztna:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A36D6C47-C07E-41F3-9051-47CE254B01D0",
"versionEndExcluding": "6.0.16",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de descarga de c\u00f3digo sin comprobaci\u00f3n de integridad en Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA permite la actualizaci\u00f3n de software malicioso. Este problema afecta a \nGenian NAC V4.0: de V4.0.0 a V4.0.155; \nGenian NAC V5.0: de V5.0.0 a V5.0.42 (Revisi\u00f3n 117460); \nGenian NAC Suite V5.0: de V5.0.0 a V5.0.54; \nGenian ZTNA: de V6.0.0 a V6.0.15.\n"
}
],
"id": "CVE-2023-40254",
"lastModified": "2024-11-21T08:19:04.010",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "vuln@krcert.or.kr",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-11T07:15:09.423",
"references": [
{
"source": "vuln@krcert.or.kr",
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
}
],
"sourceIdentifier": "vuln@krcert.or.kr",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "vuln@krcert.or.kr",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-494"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-40253
Vulnerability from fkie_nvd - Published: 2023-08-11 06:15 - Updated: 2024-11-21 08:19
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| genians | genian_nac | * | |
| genians | genian_nac | * | |
| genians | genian_nac | 5.0.42 | |
| genians | genian_nac | 5.0.42 | |
| genians | genian_ztna | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:genians:genian_nac:*:*:*:*:-:*:*:*",
"matchCriteriaId": "BE039840-D93C-49CA-BB6A-B70771196C1B",
"versionEndExcluding": "4.0.156",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:genians:genian_nac:*:*:*:*:-:*:*:*",
"matchCriteriaId": "04EF7B43-ADE3-474E-8E9F-7B2AD27FAB0C",
"versionEndExcluding": "5.0.55",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:genians:genian_nac:5.0.42:-:*:*:lts:*:*:*",
"matchCriteriaId": "E514BF16-6FE5-4029-BBFB-87A487C5BC07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:genians:genian_nac:5.0.42:revision_117460:*:*:lts:*:*:*",
"matchCriteriaId": "0A8D2C71-F0A1-41D4-9A84-EAE0CBC39B22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:genians:genian_ztna:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A36D6C47-C07E-41F3-9051-47CE254B01D0",
"versionEndExcluding": "6.0.16",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de autenticaci\u00f3n incorrecta en productos de Geanians tales como Genian NAC V4.0, Genian NAC V5.0, Genian NAC Suite V5.0, Genian ZTNA permite el abuso de autenticaci\u00f3n. Este problema afecta a \nGenian NAC V4. 0: desde V4.0.0 hasta V4.0.155; \nGenian NAC V5.0: desde V5.0.0 hasta V5.0.42 (Revisi\u00f3n 117460);\nGenian NAC Suite V5.0: desde V5.0.0 hasta V5.0.54; \nGenian ZTNA: desde V6.0.0 hasta V6.0.15."
}
],
"id": "CVE-2023-40253",
"lastModified": "2024-11-21T08:19:03.860",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0,
"source": "vuln@krcert.or.kr",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-11T06:15:10.673",
"references": [
{
"source": "vuln@krcert.or.kr",
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
}
],
"sourceIdentifier": "vuln@krcert.or.kr",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "vuln@krcert.or.kr",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-40251 (GCVE-0-2023-40251)
Vulnerability from cvelistv5 – Published: 2023-08-17 06:54 – Updated: 2024-10-01 18:14
VLAI?
Summary
Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
Severity ?
5.2 (Medium)
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Genians | Genian NAC V4.0 |
Affected:
V4.0.0 , ≤ V4.0.155
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40251",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T18:10:03.722743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T18:14:56.097Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Genian NAC V4.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V4.0.156",
"status": "unaffected"
}
],
"lessThanOrEqual": "V4.0.155",
"status": "affected",
"version": "V4.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian NAC V5.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V5.0.42 (Revision 117461)",
"status": "unaffected"
}
],
"lessThanOrEqual": "V5.0.42 (Revision 117460)",
"status": "affected",
"version": "V5.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian NAC Suite V5.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V5.0.55",
"status": "unaffected"
}
],
"lessThanOrEqual": "V5.0.54",
"status": "affected",
"version": "V5.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian ZTNA",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V6.0.16",
"status": "unaffected"
}
],
"lessThanOrEqual": "V6.0.15",
"status": "affected",
"version": "V6.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-07-31T05:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.\u003cp\u003eThis issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\u003c/p\u003e"
}
],
"value": "Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Man in the Middle Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311 Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T00:56:07.979Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2023-40251",
"datePublished": "2023-08-17T06:54:14.152Z",
"dateReserved": "2023-08-11T01:54:13.646Z",
"dateUpdated": "2024-10-01T18:14:56.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40252 (GCVE-0-2023-40252)
Vulnerability from cvelistv5 – Published: 2023-08-17 06:41 – Updated: 2024-10-01 18:17
VLAI?
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
Severity ?
6 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Genians | Genian NAC V4.0 |
Affected:
V4.0.0 , ≤ V4.0.155
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40252",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T18:10:08.410399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T18:17:21.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Genian NAC V4.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V4.0.156",
"status": "unaffected"
}
],
"lessThanOrEqual": "V4.0.155",
"status": "affected",
"version": "V4.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian NAC V5.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V5.0.42 (Revision 117461)",
"status": "unaffected"
}
],
"lessThanOrEqual": "V5.0.42 (Revision 117460)",
"status": "affected",
"version": "V5.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian NAC Suite V5.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V5.0.55",
"status": "unaffected"
}
],
"lessThanOrEqual": "V5.0.54",
"status": "affected",
"version": "V5.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian ZTNA",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V6.0.16",
"status": "unaffected"
}
],
"lessThanOrEqual": "V6.0.15",
"status": "affected",
"version": "V6.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-07-31T05:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.\u003cp\u003eThis issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-558",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-558 Replace Trusted Executable"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-29T01:51:40.680Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2023-40252",
"datePublished": "2023-08-17T06:41:53.096Z",
"dateReserved": "2023-08-11T01:54:13.646Z",
"dateUpdated": "2024-10-01T18:17:21.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40254 (GCVE-0-2023-40254)
Vulnerability from cvelistv5 – Published: 2023-08-11 06:08 – Updated: 2024-10-10 14:58
VLAI?
Summary
Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
Severity ?
7.5 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Genians | Genian NAC V4.0 |
Affected:
V4.0.0 , ≤ V4.0.155
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:genians:genian_nac:4.0.0:*:*:*:-:*:*:*"
],
"defaultStatus": "unknown",
"product": "genian_nac",
"vendor": "genians",
"versions": [
{
"lessThanOrEqual": "4.0.155",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.0.42",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.0.54",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.15",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:54:36.654999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:58:22.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Genian NAC V4.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V4.0.156",
"status": "unaffected"
}
],
"lessThanOrEqual": "V4.0.155",
"status": "affected",
"version": "V4.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian NAC V5.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V5.0.42 (Revision 117461)",
"status": "unaffected"
}
],
"lessThanOrEqual": "V5.0.42 (Revision 117460)",
"status": "affected",
"version": "V5.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian NAC Suite V5.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V5.0.55",
"status": "unaffected"
}
],
"lessThanOrEqual": "V5.0.54",
"status": "affected",
"version": "V5.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian ZTNA",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V6.0.16",
"status": "unaffected"
}
],
"lessThanOrEqual": "V6.0.15",
"status": "affected",
"version": "V6.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-07-31T05:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.\u003cp\u003eThis issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\u003c/p\u003e"
}
],
"value": "Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-186",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-186 Malicious Software Update"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T05:26:24.058Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2023-40254",
"datePublished": "2023-08-11T06:08:19.709Z",
"dateReserved": "2023-08-11T01:54:13.646Z",
"dateUpdated": "2024-10-10T14:58:22.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40253 (GCVE-0-2023-40253)
Vulnerability from cvelistv5 – Published: 2023-08-11 05:34 – Updated: 2024-10-01 20:45
VLAI?
Summary
Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
Severity ?
6 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Genians | Genian NAC V4.0 |
Affected:
V4.0.0 , ≤ V4.0.155
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40253",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T20:34:17.095243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T20:45:41.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Genian NAC V4.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V4.0.156",
"status": "unaffected"
}
],
"lessThanOrEqual": "V4.0.155",
"status": "affected",
"version": "V4.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian NAC V5.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V5.0.42 (Revision 117461)",
"status": "unaffected"
}
],
"lessThanOrEqual": "V5.0.42 (Revision 117460)",
"status": "affected",
"version": "V5.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian NAC Suite V5.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V5.0.55",
"status": "unaffected"
}
],
"lessThanOrEqual": "V5.0.54",
"status": "affected",
"version": "V5.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian ZTNA",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V6.0.16",
"status": "unaffected"
}
],
"lessThanOrEqual": "V6.0.15",
"status": "affected",
"version": "V6.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-07-31T05:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.\u003cp\u003eThis issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\u003c/p\u003e"
}
],
"value": "Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-29T01:46:04.743Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2023-40253",
"datePublished": "2023-08-11T05:34:48.443Z",
"dateReserved": "2023-08-11T01:54:13.646Z",
"dateUpdated": "2024-10-01T20:45:41.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40251 (GCVE-0-2023-40251)
Vulnerability from nvd – Published: 2023-08-17 06:54 – Updated: 2024-10-01 18:14
VLAI?
Summary
Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
Severity ?
5.2 (Medium)
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Genians | Genian NAC V4.0 |
Affected:
V4.0.0 , ≤ V4.0.155
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40251",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T18:10:03.722743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T18:14:56.097Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Genian NAC V4.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V4.0.156",
"status": "unaffected"
}
],
"lessThanOrEqual": "V4.0.155",
"status": "affected",
"version": "V4.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian NAC V5.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V5.0.42 (Revision 117461)",
"status": "unaffected"
}
],
"lessThanOrEqual": "V5.0.42 (Revision 117460)",
"status": "affected",
"version": "V5.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian NAC Suite V5.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V5.0.55",
"status": "unaffected"
}
],
"lessThanOrEqual": "V5.0.54",
"status": "affected",
"version": "V5.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian ZTNA",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V6.0.16",
"status": "unaffected"
}
],
"lessThanOrEqual": "V6.0.15",
"status": "affected",
"version": "V6.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-07-31T05:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.\u003cp\u003eThis issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\u003c/p\u003e"
}
],
"value": "Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Man in the Middle Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311 Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T00:56:07.979Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2023-40251",
"datePublished": "2023-08-17T06:54:14.152Z",
"dateReserved": "2023-08-11T01:54:13.646Z",
"dateUpdated": "2024-10-01T18:14:56.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40252 (GCVE-0-2023-40252)
Vulnerability from nvd – Published: 2023-08-17 06:41 – Updated: 2024-10-01 18:17
VLAI?
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
Severity ?
6 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Genians | Genian NAC V4.0 |
Affected:
V4.0.0 , ≤ V4.0.155
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40252",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T18:10:08.410399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T18:17:21.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Genian NAC V4.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V4.0.156",
"status": "unaffected"
}
],
"lessThanOrEqual": "V4.0.155",
"status": "affected",
"version": "V4.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian NAC V5.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V5.0.42 (Revision 117461)",
"status": "unaffected"
}
],
"lessThanOrEqual": "V5.0.42 (Revision 117460)",
"status": "affected",
"version": "V5.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian NAC Suite V5.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V5.0.55",
"status": "unaffected"
}
],
"lessThanOrEqual": "V5.0.54",
"status": "affected",
"version": "V5.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian ZTNA",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V6.0.16",
"status": "unaffected"
}
],
"lessThanOrEqual": "V6.0.15",
"status": "affected",
"version": "V6.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-07-31T05:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.\u003cp\u003eThis issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-558",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-558 Replace Trusted Executable"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-29T01:51:40.680Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2023-40252",
"datePublished": "2023-08-17T06:41:53.096Z",
"dateReserved": "2023-08-11T01:54:13.646Z",
"dateUpdated": "2024-10-01T18:17:21.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40254 (GCVE-0-2023-40254)
Vulnerability from nvd – Published: 2023-08-11 06:08 – Updated: 2024-10-10 14:58
VLAI?
Summary
Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
Severity ?
7.5 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Genians | Genian NAC V4.0 |
Affected:
V4.0.0 , ≤ V4.0.155
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:genians:genian_nac:4.0.0:*:*:*:-:*:*:*"
],
"defaultStatus": "unknown",
"product": "genian_nac",
"vendor": "genians",
"versions": [
{
"lessThanOrEqual": "4.0.155",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.0.42",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.0.54",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.15",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:54:36.654999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:58:22.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Genian NAC V4.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V4.0.156",
"status": "unaffected"
}
],
"lessThanOrEqual": "V4.0.155",
"status": "affected",
"version": "V4.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian NAC V5.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V5.0.42 (Revision 117461)",
"status": "unaffected"
}
],
"lessThanOrEqual": "V5.0.42 (Revision 117460)",
"status": "affected",
"version": "V5.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian NAC Suite V5.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V5.0.55",
"status": "unaffected"
}
],
"lessThanOrEqual": "V5.0.54",
"status": "affected",
"version": "V5.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian ZTNA",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V6.0.16",
"status": "unaffected"
}
],
"lessThanOrEqual": "V6.0.15",
"status": "affected",
"version": "V6.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-07-31T05:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.\u003cp\u003eThis issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\u003c/p\u003e"
}
],
"value": "Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-186",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-186 Malicious Software Update"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T05:26:24.058Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2023-40254",
"datePublished": "2023-08-11T06:08:19.709Z",
"dateReserved": "2023-08-11T01:54:13.646Z",
"dateUpdated": "2024-10-10T14:58:22.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40253 (GCVE-0-2023-40253)
Vulnerability from nvd – Published: 2023-08-11 05:34 – Updated: 2024-10-01 20:45
VLAI?
Summary
Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
Severity ?
6 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Genians | Genian NAC V4.0 |
Affected:
V4.0.0 , ≤ V4.0.155
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40253",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T20:34:17.095243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T20:45:41.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Genian NAC V4.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V4.0.156",
"status": "unaffected"
}
],
"lessThanOrEqual": "V4.0.155",
"status": "affected",
"version": "V4.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian NAC V5.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V5.0.42 (Revision 117461)",
"status": "unaffected"
}
],
"lessThanOrEqual": "V5.0.42 (Revision 117460)",
"status": "affected",
"version": "V5.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian NAC Suite V5.0",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V5.0.55",
"status": "unaffected"
}
],
"lessThanOrEqual": "V5.0.54",
"status": "affected",
"version": "V5.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Genian ZTNA",
"vendor": "Genians",
"versions": [
{
"changes": [
{
"at": "V6.0.16",
"status": "unaffected"
}
],
"lessThanOrEqual": "V6.0.15",
"status": "affected",
"version": "V6.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-07-31T05:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.\u003cp\u003eThis issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\u003c/p\u003e"
}
],
"value": "Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-29T01:46:04.743Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2023-40253",
"datePublished": "2023-08-11T05:34:48.443Z",
"dateReserved": "2023-08-11T01:54:13.646Z",
"dateUpdated": "2024-10-01T20:45:41.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}