CVE-2023-40253

Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:genians:genian_nac:*:*:*:*:-:*:*:*
cpe:2.3:a:genians:genian_nac:*:*:*:*:-:*:*:*
cpe:2.3:a:genians:genian_nac:5.0.42:-:*:*:lts:*:*:*
cpe:2.3:a:genians:genian_nac:5.0.42:revision_117460:*:*:lts:*:*:*
cpe:2.3:a:genians:genian_ztna:*:*:*:*:*:*:*:*

History

29 Aug 2023, 02:15

Type Values Removed Values Added
References
  • {'url': 'https://www.genians.co.kr/notice/2023', 'name': 'https://www.genians.co.kr/notice/2023', 'tags': ['Vendor Advisory'], 'refsource': 'MISC'}
  • (MISC) https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html -

23 Aug 2023, 00:02

Type Values Removed Values Added
CWE CWE-287
First Time Genians genian Nac
Genians
Genians genian Ztna
References (MISC) https://www.genians.co.kr/notice/2023 - (MISC) https://www.genians.co.kr/notice/2023 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
Summary Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
CPE cpe:2.3:a:genians:genian_ztna:*:*:*:*:*:*:*:*
cpe:2.3:a:genians:genian_nac:5.0.42:revision_117460:*:*:lts:*:*:*
cpe:2.3:a:genians:genian_nac:*:*:*:*:-:*:*:*
cpe:2.3:a:genians:genian_nac:5.0.42:-:*:*:lts:*:*:*

17 Aug 2023, 07:15

Type Values Removed Values Added
Summary Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Functionality Misuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.

11 Aug 2023, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-11 06:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-40253

Mitre link : CVE-2023-40253

CVE.ORG link : CVE-2023-40253


JSON object : View

Products Affected

genians

  • genian_ztna
  • genian_nac
CWE
CWE-287

Improper Authentication

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')