CVE-2023-40254

Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:genians:genian_nac:*:*:*:*:-:*:*:*
cpe:2.3:a:genians:genian_nac:*:*:*:*:-:*:*:*
cpe:2.3:a:genians:genian_nac:5.0.42:-:*:*:lts:*:*:*
cpe:2.3:a:genians:genian_nac:5.0.42:revision_117460:*:*:lts:*:*:*
cpe:2.3:a:genians:genian_ztna:*:*:*:*:*:*:*:*

History

29 Aug 2023, 02:15

Type Values Removed Values Added
References
  • {'url': 'https://www.genians.co.kr/notice/2023', 'name': 'https://www.genians.co.kr/notice/2023', 'tags': ['Vendor Advisory'], 'refsource': 'MISC'}
  • (MISC) https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html -

23 Aug 2023, 00:03

Type Values Removed Values Added
CWE CWE-494
References (MISC) https://www.genians.co.kr/notice/2023 - (MISC) https://www.genians.co.kr/notice/2023 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:genians:genian_ztna:*:*:*:*:*:*:*:*
cpe:2.3:a:genians:genian_nac:5.0.42:revision_117460:*:*:lts:*:*:*
cpe:2.3:a:genians:genian_nac:*:*:*:*:-:*:*:*
cpe:2.3:a:genians:genian_nac:5.0.42:-:*:*:lts:*:*:*
Summary Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.
First Time Genians genian Nac
Genians
Genians genian Ztna

17 Aug 2023, 07:15

Type Values Removed Values Added
Summary Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.

11 Aug 2023, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-11 07:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-40254

Mitre link : CVE-2023-40254

CVE.ORG link : CVE-2023-40254


JSON object : View

Products Affected

genians

  • genian_ztna
  • genian_nac
CWE
CWE-494

Download of Code Without Integrity Check

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')