CVE-2023-40253

Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.

CVSS v3 6.0 MEDIUM

6.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.5 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html
https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:genians:genian_nac:::::-:::*
	cpe:2.3:a:genians:genian_nac:::::-:::*
	cpe:2.3:a:genians:genian_nac:5.0.42:-:::lts:::*
	cpe:2.3:a:genians:genian_nac:5.0.42:revision_117460:::lts:::*
	cpe:2.3:a:genians:genian_ztna::::::::

History

21 Nov 2024, 08:19

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 6.0
Summary		(es) Vulnerabilidad de autenticación incorrecta en productos de Geanians tales como Genian NAC V4.0, Genian NAC V5.0, Genian NAC Suite V5.0, Genian ZTNA permite el abuso de autenticación. Este problema afecta a Genian NAC V4. 0: desde V4.0.0 hasta V4.0.155; Genian NAC V5.0: desde V5.0.0 hasta V5.0.42 (Revisión 117460); Genian NAC Suite V5.0: desde V5.0.0 hasta V5.0.54; Genian ZTNA: desde V6.0.0 hasta V6.0.15.
References	~~() https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html -~~	() https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html -

Information

Published : 2023-08-11 06:15

Updated : 2024-11-21 08:19

NVD link : CVE-2023-40253

Mitre link : CVE-2023-40253

CVE.ORG link : CVE-2023-40253

JSON object : View

Products Affected

genians

genian_nac
genian_ztna

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-287

Improper Authentication

{"id": "CVE-2023-40253", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "vuln@krcert.or.kr", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 1.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-08-11T06:15:10.673", "references": [{"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html", "source": "vuln@krcert.or.kr"}, {"url": "https://docs.genians.com/nac/5.0/release/ko/advisories/GN-SA-2023-001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "vuln@krcert.or.kr", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de autenticaci\u00f3n incorrecta en productos de Geanians tales como Genian NAC V4.0, Genian NAC V5.0, Genian NAC Suite V5.0, Genian ZTNA permite el abuso de autenticaci\u00f3n. Este problema afecta a \nGenian NAC V4. 0: desde V4.0.0 hasta V4.0.155; \nGenian NAC V5.0: desde V5.0.0 hasta V5.0.42 (Revisi\u00f3n 117460);\nGenian NAC Suite V5.0: desde V5.0.0 hasta V5.0.54; \nGenian ZTNA: desde V6.0.0 hasta V6.0.15."}], "lastModified": "2024-11-21T08:19:03.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:genians:genian_nac:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "BE039840-D93C-49CA-BB6A-B70771196C1B", "versionEndExcluding": "4.0.156", "versionStartIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:genians:genian_nac:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "04EF7B43-ADE3-474E-8E9F-7B2AD27FAB0C", "versionEndExcluding": "5.0.55", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:genians:genian_nac:5.0.42:-:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "E514BF16-6FE5-4029-BBFB-87A487C5BC07"}, {"criteria": "cpe:2.3:a:genians:genian_nac:5.0.42:revision_117460:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "0A8D2C71-F0A1-41D4-9A84-EAE0CBC39B22"}, {"criteria": "cpe:2.3:a:genians:genian_ztna:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A36D6C47-C07E-41F3-9051-47CE254B01D0", "versionEndExcluding": "6.0.16", "versionStartIncluding": "6.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "vuln@krcert.or.kr"}