CVE-2023-40251

Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:genians:genian_nac:::::-:::*
	cpe:2.3:a:genians:genian_nac:::::-:::*
	cpe:2.3:a:genians:genian_nac:5.0.42:-:::lts:::*
	cpe:2.3:a:genians:genian_nac:5.0.42:revision_117460:::lts:::*
	cpe:2.3:a:genians:genian_ztna::::::::

History

29 Aug 2023, 02:15

Type	Values Removed	Values Added
References	~~{'url': 'https://www.genians.co.kr/notice/2023', 'name': 'https://www.genians.co.kr/notice/2023', 'tags': ['Vendor Advisory'], 'refsource': 'MISC'}~~	(MISC) https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html -

23 Aug 2023, 14:43

Type	Values Removed	Values Added
CWE		CWE-311
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.9
References	~~(MISC) https://www.genians.co.kr/notice/2023 -~~	(MISC) https://www.genians.co.kr/notice/2023 - Vendor Advisory
CPE		cpe:2.3:a:genians:genian_ztna:::::::: cpe:2.3:a:genians:genian_nac:5.0.42:revision_117460:::lts:::* cpe:2.3:a:genians:genian_nac:::::-:::* cpe:2.3:a:genians:genian_nac:5.0.42:-:::lts:::*
First Time		Genians genian Nac Genians Genians genian Ztna

21 Aug 2023, 02:15

Type	Values Removed	Values Added
Summary	Missing Encryption of Sensitive DataCAPEC- vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.	Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.

17 Aug 2023, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-17 07:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-40251

Mitre link : CVE-2023-40251

CVE.ORG link : CVE-2023-40251

JSON object : View

Products Affected

genians

genian_ztna
genian_nac

CWE

CWE-311

Missing Encryption of Sensitive Data

5.9 /10