CVE-2021-26622 CRITICAL

CVE-2021-26622: Genian NAC remote code execution vulnerability

Vendor Genians Co., Ltd
Product Genian NAC Suite V4.0
Weakness CWE-20 · Input validation
Published March 25, 2022
Last update August 3, 2024

CVSS base score

9.6/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

A remote code execution vulnerability caused by server-side template injection (SSTI) and insufficient validation of the file name parameter was discovered in Genian NAC. Through this vulnerability, remote attackers can execute arbitrary malicious code with SYSTEM privileges on all nodes connected to the NAC.

Key dates

02 Disclosure timeline

March 25, 2022 CVE published
August 3, 2024 Record updated