CVE-2023-40251

Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.

CVSS v3 5.2 MEDIUM

5.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.5 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html
https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:genians:genian_nac:::::-:::*
	cpe:2.3:a:genians:genian_nac:::::-:::*
	cpe:2.3:a:genians:genian_nac:5.0.42:-:::lts:::*
	cpe:2.3:a:genians:genian_nac:5.0.42:revision_117460:::lts:::*
	cpe:2.3:a:genians:genian_ztna::::::::

History

21 Nov 2024, 08:19

Type	Values Removed	Values Added
References	~~() https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html -~~	() https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html -
CVSS	v2 : ~~unknown~~ v3 : ~~5.9~~	v2 : unknown v3 : 5.2

Information

Published : 2023-08-17 07:15

Updated : 2024-11-21 08:19

NVD link : CVE-2023-40251

Mitre link : CVE-2023-40251

CVE.ORG link : CVE-2023-40251

JSON object : View

Products Affected

genians

genian_nac
genian_ztna

CWE

CWE-311

Missing Encryption of Sensitive Data

{"id": "CVE-2023-40251", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "vuln@krcert.or.kr", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.2, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2023-08-17T07:15:43.737", "references": [{"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html", "source": "vuln@krcert.or.kr"}, {"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "vuln@krcert.or.kr", "description": [{"lang": "en", "value": "CWE-311"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-311"}]}], "descriptions": [{"lang": "en", "value": "Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"}], "lastModified": "2024-11-21T08:19:03.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:genians:genian_nac:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "BE039840-D93C-49CA-BB6A-B70771196C1B", "versionEndExcluding": "4.0.156", "versionStartIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:genians:genian_nac:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "04EF7B43-ADE3-474E-8E9F-7B2AD27FAB0C", "versionEndExcluding": "5.0.55", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:genians:genian_nac:5.0.42:-:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "E514BF16-6FE5-4029-BBFB-87A487C5BC07"}, {"criteria": "cpe:2.3:a:genians:genian_nac:5.0.42:revision_117460:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "0A8D2C71-F0A1-41D4-9A84-EAE0CBC39B22"}, {"criteria": "cpe:2.3:a:genians:genian_ztna:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A36D6C47-C07E-41F3-9051-47CE254B01D0", "versionEndExcluding": "6.0.16", "versionStartIncluding": "6.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "vuln@krcert.or.kr"}